CVE-2024-7409
Public on 2024-08-04
Modified on 2024-09-19
Description
A flaw was found in the QEMU NBD Server. This vulnerability allows a denial of service (DoS) attack via improper synchronization during socket closure when a client keeps a socket open as the server is taken offline.
HAQM Linux will not be providing the fix for CVE-2024-7409 after careful consideration about the stability of the package. HAQM Linux recommends that customers work around this issue by ensuring that only trusted clients can connect to the NBD server which can be done using a firewall before the NBD server.
HAQM Linux will not be providing the fix for CVE-2024-7409 after careful consideration about the stability of the package. HAQM Linux recommends that customers work around this issue by ensuring that only trusted clients can connect to the NBD server which can be done using a firewall before the NBD server.
Severity
Medium
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| HAQM Linux 2 - Core | qemu | No Fix Planned | ||
| HAQM Linux 1 | qemu-kvm | No Fix Planned |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| HAQM Linux | CVSSv3 | 5.9 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
| NVD | CVSSv3 | 7.5 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |