A double free vulnerability was found in QEMU virtio devices (virtio-gpu, virtio-serial-bus, virtio-crypto), where the mem_reentrancy_guard flag insufficiently protects against DMA reentrancy issues. This issue could allow a malicious privileged guest user to crash the QEMU process on the host, resulting in a denial of service, or to execute arbitrary code within the context of the QEMU process on the host.
The product calls free() twice on the same memory address.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Red Hat Enterprise Linux 8 | RedHat | virt-devel:rhel-8100020240905091210.489197e6 | * |
Red Hat Enterprise Linux 8 | RedHat | virt:rhel-8100020240905091210.489197e6 | * |
Red Hat Enterprise Linux 9 | RedHat | qemu-kvm-17:9.0.0-10.el9_5 | * |
Qemu | Ubuntu | devel | * |
Qemu | Ubuntu | focal | * |
Qemu | Ubuntu | jammy | * |
Qemu | Ubuntu | mantic | * |
Qemu | Ubuntu | noble | * |
Qemu | Ubuntu | oracular | * |
Qemu | Ubuntu | plucky | * |
Qemu | Ubuntu | trusty/esm | * |
Qemu | Ubuntu | upstream | * |