#VU89047 Double free in QEMU - CVE-2024-3446


Vulnerability identifier: #VU89047

Vulnerability risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-3446

CWE-ID: CWE-415

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
QEMU
Client/Desktop applications / Virtualization software

Vendor: QEMU

Description

The vulnerability allows a malicious guest to escalate privileges on the system.

The vulnerability exists due to a boundary error in QEMU virtio devices (virtio-gpu, virtio-serial-bus, virtio-crypto), where the mem_reentrancy_guard flag insufficiently protects against DMA reentrancy issues. A malicious guest can trigger a double free error and execute arbitrary code within the context of the QEMU process on the host.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

QEMU: All versions

External links
https://access.redhat.com/security/cve/CVE-2024-3446
https://bugzilla.redhat.com/show_bug.cgi?id=2274211
https://patchew.org/QEMU/20240409105537.18308-1-philmd@linaro.org/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Anolis OS update for virt:an module
Anolis OS update for qemu
Red Hat Enterprise Linux 9 update for qemu-kvm
Multiple vulnerabilities in Oracle Linux
Red Hat Enterprise Linux 8 update for the virt:rhel and virt-devel:rhel module
openEuler 22.03 LTS SP1 update for qemu
openEuler 22.03 LTS SP2 update for qemu
openEuler 22.03 LTS SP3 update for qemu
openEuler 20.03 LTS SP1 update for qemu
openEuler 20.03 LTS SP4 update for qemu