{"vulnerability": "RHSA-2024:6964", "sightings": [{"uuid": "fd7185d7-1f29-4c7a-901a-4be277b11b78", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "RHSA-2024:6964", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14626", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-3446\n\ud83d\udd25 CVSS Score: 8.2 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)\n\ud83d\udd39 Description: A double free vulnerability was found in QEMU virtio devices (virtio-gpu, virtio-serial-bus, virtio-crypto), where the mem_reentrancy_guard flag insufficiently protects against DMA reentrancy issues. This issue could allow a malicious privileged guest user to crash the QEMU process on the host, resulting in a denial of service or allow arbitrary code execution within the context of the QEMU process on the host.\n\ud83d\udccf Published: 2024-04-09T19:34:45.646Z\n\ud83d\udccf Modified: 2025-05-02T23:02:59.338Z\n\ud83d\udd17 References:\n1. https://access.redhat.com/errata/RHSA-2024:6964\n2. https://access.redhat.com/security/cve/CVE-2024-3446\n3. https://bugzilla.redhat.com/show_bug.cgi?id=2274211\n4. https://patchew.org/QEMU/20240409105537.18308-1-philmd@linaro.org/", "creation_timestamp": "2025-05-02T23:17:21.000000Z"}, {"uuid": "067e2e67-8746-4448-ab59-25183c3150c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "RHSA-2024:6964", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14625", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-7409\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_0, Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\ud83d\udd39 Description: A flaw was found in the QEMU NBD Server. This vulnerability allows a denial of service (DoS) attack via improper synchronization during socket closure when a client keeps a socket open as the server is taken offline.\n\ud83d\udccf Published: 2024-08-05T13:19:27.498Z\n\ud83d\udccf Modified: 2025-05-02T23:03:01.411Z\n\ud83d\udd17 References:\n1. https://access.redhat.com/errata/RHSA-2024:10518\n2. https://access.redhat.com/errata/RHSA-2024:10528\n3. https://access.redhat.com/errata/RHSA-2024:10813\n4. https://access.redhat.com/errata/RHSA-2024:6811\n5. https://access.redhat.com/errata/RHSA-2024:6818\n6. https://access.redhat.com/errata/RHSA-2024:6964\n7. https://access.redhat.com/errata/RHSA-2024:7408\n8. https://access.redhat.com/errata/RHSA-2024:8991\n9. https://access.redhat.com/errata/RHSA-2024:9136\n10. https://access.redhat.com/errata/RHSA-2024:9620\n11. https://access.redhat.com/errata/RHSA-2024:9912\n12. https://access.redhat.com/security/cve/CVE-2024-7409\n13. https://bugzilla.redhat.com/show_bug.cgi?id=2302487", "creation_timestamp": "2025-05-02T23:17:20.000000Z"}]}