CVE-2024-7409
Public on 2024-08-04
Modified on 2024-09-19
Description
A flaw was found in the QEMU NBD Server. This vulnerability allows a denial of service (DoS) attack via improper synchronization during socket closure when a client keeps a socket open as the server is taken offline.
HAQM Linux will not be providing the fix for CVE-2024-7409 after careful consideration about the stability of the package. HAQM Linux recommends that customers work around this issue by ensuring that only trusted clients can connect to the NBD server which can be done using a firewall before the NBD server.
HAQM Linux will not be providing the fix for CVE-2024-7409 after careful consideration about the stability of the package. HAQM Linux recommends that customers work around this issue by ensuring that only trusted clients can connect to the NBD server which can be done using a firewall before the NBD server.
Severity
CVSS v3 Base Score
See breakdown
Affected Packages
Platform | Package | Release Date | Advisory | Status |
---|---|---|---|---|
HAQM Linux 2 - Core | qemu | No Fix Planned | ||
HAQM Linux 1 | qemu-kvm | No Fix Planned |
CVSS Scores
Score Type | Score | Vector | |
---|---|---|---|
HAQM Linux | CVSSv3 | 5.9 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
NVD | CVSSv3 | 7.5 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |