Fixed
Created: Apr 9, 2024
Updated: Jun 11, 2024
Resolved Date: Jun 10, 2024
Found In Version: 10.21.20.1
Severity: Standard
Applicable for: Wind River Linux LTS 21
Component/s: Userspace
A double free vulnerability was found in QEMU virtio devices (virtio-gpu, virtio-serial-bus, virtio-crypto), where the mem_reentrancy_guard flag insufficiently protects against DMA reentrancy issues. This issue could allow a malicious privileged guest to crash the QEMU process on the host, resulting in a denial of service or allow arbitrary code execution within the context of the QEMU process on the host.
CREATE(Triage):(User=admin) CVE-2024-3446 (https://nvd.nist.gov/vuln/detail/CVE-2024-3446)