QEMU NBD Server Vulnerability: DoS Attack via Socket Closure
CVE-2024-7409

Currently unrated

Key Information:

Vendor: Red Hat
Status: Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9.2 Extended Update Support; Red Hat Openshift Container Platform 4.13; Red Hat Openshift Container Platform 4.15
Vendor: CVE Published:; 5 August 2024

Summary

A flaw was found in the QEMU NBD Server. This vulnerability allows a denial of service (DoS) attack via improper synchronization during socket closure when a client keeps a socket open as the server is taken offline.

Affected Version(s)

Red Hat Enterprise Linux 8 8100020240905091210.489197e6

Red Hat Enterprise Linux 9.2 Extended Update Support 17:7.2.0-14.el9_2.14

References

https://access.redhat.com/errata/RHSA-2024:6811

vendor-advisoryx_refsource_REDHAT

https://access.redhat.com/errata/RHSA-2024:6818

vendor-advisoryx_refsource_REDHAT

https://access.redhat.com/errata/RHSA-2024:6964

vendor-advisoryx_refsource_REDHAT

Timeline

Vulnerability published
Aug 5, 2024
Vulnerability Reserved
Aug 2, 2024