A flaw was found in the QEMU NBD Server. This vulnerability allows a denial of service (DoS) attack via improper synchronization during socket closure when a client keeps a socket open as the server is taken offline.
The product utilizes multiple threads or processes to allow temporary access to a shared resource that can only be exclusive to one process at a time, but it does not properly synchronize these actions, which might cause simultaneous accesses of this resource by multiple threads or processes.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Red Hat Enterprise Linux 8 | RedHat | virt-devel:rhel-8100020240905091210.489197e6 | * |
| Red Hat Enterprise Linux 8 | RedHat | virt:rhel-8100020240905091210.489197e6 | * |
| Red Hat Enterprise Linux 9 | RedHat | qemu-kvm-17:9.0.0-10.el9_5 | * |
| Red Hat Enterprise Linux 9.2 Extended Update Support | RedHat | qemu-kvm-17:7.2.0-14.el9_2.14 | * |
| Red Hat Enterprise Linux 9.4 Extended Update Support | RedHat | qemu-kvm-17:8.2.0-11.el9_4.8 | * |
| Red Hat OpenShift Container Platform 4.13 | RedHat | rhcos-413.92.202409180051-0 | * |
| Red Hat OpenShift Container Platform 4.14 | RedHat | rhcos-414.92.202411130444-0 | * |
| Red Hat OpenShift Container Platform 4.15 | RedHat | rhcos-415.92.202409162258-0 | * |
| Red Hat OpenShift Container Platform 4.15 | RedHat | rhcos-415.92.202411050056-0 | * |
| Qemu | Ubuntu | devel | * |
| Qemu | Ubuntu | oracular | * |
| Qemu | Ubuntu | upstream | * |
Synchronization refers to a variety of behaviors and mechanisms that allow two or more independently-operating processes or threads to ensure that they operate on shared resources in predictable ways that do not interfere with each other. Some shared resource operations cannot be executed atomically; that is, multiple steps must be guaranteed to execute sequentially, without any interference by other processes. Synchronization mechanisms vary widely, but they may include locking, mutexes, and semaphores. When a multi-step operation on a shared resource cannot be guaranteed to execute independent of interference, then the resulting behavior can be unpredictable. Improper synchronization could lead to data or memory corruption, denial of service, etc.