A flaw was found in the virtio-net device in QEMU. When enabling the RSS feature on the virtio-net network card, the indirections_table data within RSS becomes controllable. Setting excessively large values may cause an index out-of-bounds issue, potentially resulting in heap overflow access. This flaw allows a privileged user in the guest to crash the QEMU process on the host.
Metrics
Affected Vendors & Products
References
History
Fri, 22 Nov 2024 12:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
Thu, 19 Sep 2024 06:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Metrics |
ssvc
|
Thu, 19 Sep 2024 06:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
cvssV3_1
|
cvssV3_1
|
Fri, 16 Aug 2024 17:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2024-07-05T13:51:38.241Z
Updated: 2024-11-13T14:27:00.253Z
Reserved: 2024-07-04T09:08:42.796Z
Link: CVE-2024-6505
Vulnrichment
Updated: 2024-08-16T17:02:42.843Z
NVD
Status : Modified
Published: 2024-07-05T14:15:03.420
Modified: 2024-11-21T09:49:46.400
Link: CVE-2024-6505
Redhat