Fixed
Created: Apr 29, 2024
Updated: Aug 28, 2024
Resolved Date: Jul 30, 2024
Found In Version: 10.24.33.1
Fix Version: 10.24.33.1
Severity: Standard
Applicable for: Wind River Linux LTS 24
Component/s: Userspace
A double free vulnerability was found in QEMU virtio devices (virtio-gpu, virtio-serial-bus, virtio-crypto), where the mem_reentrancy_guard flag insufficiently protects against DMA reentrancy issues. This issue could allow a malicious privileged guest to crash the QEMU process on the host, resulting in a denial of service or allow arbitrary code execution within the context of the QEMU process on the host.
CREATE(Triage):(User=admin) CVE-2024-3446 (https://nvd.nist.gov/vuln/detail/CVE-2024-3446)
