CVE-2024-7409

Summary

A flaw was found in the QEMU NBD Server. This vulnerability allows a denial of service (DoS) attack via improper synchronization during socket closure when a client keeps a socket open as the server is taken offline.

Affected Software

VendorProductVersion RangeStatus
7.2.0unaffected
8.2.0unaffected
9.0.0unaffected
Red HatRed Hat Enterprise Linux 88100020240905091210.489197e6 < *unaffected
Red HatRed Hat Enterprise Linux 88100020240905091210.489197e6 < *unaffected
Red HatRed Hat Enterprise Linux 917:9.0.0-10.el9_5 < *unaffected
Red HatRed Hat Enterprise Linux 9.2 Extended Update Support17:7.2.0-14.el9_2.14 < *unaffected
Red HatRed Hat Enterprise Linux 9.4 Extended Update Support17:8.2.0-11.el9_4.8 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.13413.92.202411212100-0 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.13413.92.202409180051-0 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.14414.92.202411130444-0 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.15415.92.202409162258-0 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.15415.92.202411050056-0 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.16416.94.202411261619-0 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.17417.94.202411261220-0 < *unaffected

Weaknesses

  • CWE-662: Improper Synchronization

Workarounds

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

CVE Program Container

Additional References

References