Fixed
Created: Apr 9, 2024
Updated: May 10, 2024
Resolved Date: May 10, 2024
Found In Version: 10.23.30.1
Fix Version: 10.23.30.9
Severity: Standard
Applicable for: Wind River Linux LTS 23
Component/s: Userspace
A double free vulnerability was found in QEMU virtio devices (virtio-gpu, virtio-serial-bus, virtio-crypto), where the mem_reentrancy_guard flag insufficiently protects against DMA reentrancy issues. This issue could allow a malicious privileged guest to crash the QEMU process on the host, resulting in a denial of service or allow arbitrary code execution within the context of the QEMU process on the host.
CREATE(Triage):(User=admin) CVE-2024-3446 (https://nvd.nist.gov/vuln/detail/CVE-2024-3446)