QEMU NBD Server DoS via improper socket close sync
CVE-2024-7409 Published on August 5, 2024

QEMU: denial of service via improper synchronization in the QEMU NBD server during socket closure
A flaw was found in the QEMU NBD Server. This vulnerability allows a denial of service (DoS) attack via improper synchronization during socket closure when a client keeps a socket open as the server is taken offline.


Timeline

Reported to Red Hat.

Made public.

Weakness Type

Improper Synchronization

The software utilizes multiple threads or processes to allow temporary access to a shared resource that can only be exclusive to one process at a time, but it does not properly synchronize these actions, which might cause simultaneous accesses of this resource by multiple threads or processes.



Exploit Probability

EPSS: 1.71%
Percentile: 82.04%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.