Lucene search
RedhatCVE-2024-4467HistoryJul 02, 2024 - 4:15 p.m.
CVE-2024-4467
2024-07-0216:15:05
CWE-400
redhat
web.nvd.nist.gov
37
qemu
disk image
denial of service
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0
Percentile
13.8%
A flaw was found in the QEMU disk image utility (qemu-img) ‘info’ command. A specially crafted image file containing a json:{} value describing block devices in QMP could cause the qemu-img process on the host to consume large amounts of memory or CPU time, leading to denial of service or read/write to an existing external file.
CNA Affected
[
{
"vendor": "Red Hat",
"product": "Advanced Virtualization for RHEL 8.2.1",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "virt:8.2",
"defaultStatus": "affected",
"versions": [
{
"version": "8020120240708124623.863bb0db",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:advanced_virtualization:8.2::el8"
]
},
{
"vendor": "Red Hat",
"product": "Advanced Virtualization for RHEL 8.4.0.EUS",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "virt:av",
"defaultStatus": "affected",
"versions": [
{
"version": "8040020240708093550.522a0ee4",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:advanced_virtualization:8.4::el8"
]
},
{
"vendor": "Red Hat",
"product": "Advanced Virtualization for RHEL 8.4.0.EUS",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "virt-devel:av",
"defaultStatus": "affected",
"versions": [
{
"version": "8040020240708093550.522a0ee4",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:advanced_virtualization:8.4::el8"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 8",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "virt-devel:rhel",
"defaultStatus": "affected",
"versions": [
{
"version": "8100020240704072441.489197e6",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream",
"cpe:/a:redhat:enterprise_linux:8::crb"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 8",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "virt:rhel",
"defaultStatus": "affected",
"versions": [
{
"version": "8100020240704072441.489197e6",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream",
"cpe:/a:redhat:enterprise_linux:8::crb"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "virt:rhel",
"defaultStatus": "affected",
"versions": [
{
"version": "8040020240703100448.522a0ee4",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:rhel_aus:8.4::appstream",
"cpe:/a:redhat:rhel_tus:8.4::appstream",
"cpe:/a:redhat:rhel_e4s:8.4::appstream"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "virt:rhel",
"defaultStatus": "affected",
"versions": [
{
"version": "8040020240703100448.522a0ee4",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:rhel_aus:8.4::appstream",
"cpe:/a:redhat:rhel_tus:8.4::appstream",
"cpe:/a:redhat:rhel_e4s:8.4::appstream"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "virt:rhel",
"defaultStatus": "affected",
"versions": [
{
"version": "8040020240703100448.522a0ee4",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:rhel_aus:8.4::appstream",
"cpe:/a:redhat:rhel_tus:8.4::appstream",
"cpe:/a:redhat:rhel_e4s:8.4::appstream"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "virt:rhel",
"defaultStatus": "affected",
"versions": [
{
"version": "8060020240703092415.ad008a3a",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.6::appstream",
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::appstream"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "virt:rhel",
"defaultStatus": "affected",
"versions": [
{
"version": "8060020240703092415.ad008a3a",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.6::appstream",
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::appstream"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "virt:rhel",
"defaultStatus": "affected",
"versions": [
{
"version": "8060020240703092415.ad008a3a",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.6::appstream",
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::appstream"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "virt-devel:rhel",
"defaultStatus": "affected",
"versions": [
{
"version": "8080020240703085245.63b34585",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:rhel_eus:8.8::appstream",
"cpe:/a:redhat:rhel_eus:8.8::crb"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "virt:rhel",
"defaultStatus": "affected",
"versions": [
{
"version": "8080020240703085245.63b34585",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:rhel_eus:8.8::appstream",
"cpe:/a:redhat:rhel_eus:8.8::crb"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 9",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "qemu-kvm",
"defaultStatus": "affected",
"versions": [
{
"version": "17:8.2.0-11.el9_4.4",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "qemu-kvm",
"defaultStatus": "affected",
"versions": [
{
"version": "17:6.2.0-11.el9_0.9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.0::appstream"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "qemu-kvm",
"defaultStatus": "affected",
"versions": [
{
"version": "17:7.2.0-14.el9_2.11",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:rhel_eus:9.2::appstream"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 6",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "qemu-kvm",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 7",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "qemu-kvm",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 7",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "qemu-kvm-ma",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 8 Advanced Virtualization",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "virt:av/qemu-kvm",
"defaultStatus": "affected",
"cpes": [
"cpe:/a:redhat:advanced_virtualization:8::el8"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenShift Virtualization 4",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "container-native-virtualization/virt-cdi-operator-rhel9",
"defaultStatus": "affected",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
]
}
]References
access.redhat.com/errata/RHSA-2024:4276
access.redhat.com/errata/RHSA-2024:4277
access.redhat.com/errata/RHSA-2024:4278
access.redhat.com/errata/RHSA-2024:4372
access.redhat.com/errata/RHSA-2024:4373
access.redhat.com/errata/RHSA-2024:4374
access.redhat.com/errata/RHSA-2024:4420
access.redhat.com/errata/RHSA-2024:4724
access.redhat.com/errata/RHSA-2024:4727
access.redhat.com/security/cve/CVE-2024-4467
bugzilla.redhat.com/show_bug.cgi?id=2278875
Related
openvas
openvas
Huawei EulerOS: Security Advisory for qemu (EulerOS-SA-2024-2405)
2024-09-12 00:00:00
openSUSE: Security Advisory for qemu (SUSE-SU-2024:3077-1)
2024-09-04 00:00:00
Huawei EulerOS: Security Advisory for qemu (EulerOS-SA-2024-2380)
2024-09-12 00:00:00
nessus
nessus
AlmaLinux 9 : qemu-kvm (ALSA-2024:4278)
2024-07-03 00:00:00
RHEL 8 : virt:rhel and virt-devel:rhel (RHSA-2024:4420)
2024-07-10 00:00:00
RHEL 9 : qemu-kvm (RHSA-2024:4276)
2024-07-02 00:00:00
osv
osv
Important: virt:rhel and virt-devel:rhel security update
2024-07-09 00:00:00
Important: qemu-kvm security update
2024-07-02 00:00:00
CVE-2024-4467
2024-07-02 16:15:00
nvd
nvd
CVE-2024-4467
2024-07-02 16:15:05
almalinux
almalinux
Important: qemu-kvm security update
2024-07-02 00:00:00
Important: virt:rhel and virt-devel:rhel security update
2024-07-09 00:00:00
oraclelinux
oraclelinux
qemu-kvm security update
2024-07-02 00:00:00
virt:ol and virt-devel:rhel security update
2024-07-12 00:00:00
virt:kvm_utils3 security update
2024-09-02 00:00:00
redhatcve
redhatcve
CVE-2024-4467
2024-07-02 15:56:35
CVE-2024-32498
2024-07-02 17:32:55
vulnrichment
vulnrichment
CVE-2024-4467 Qemu-kvm: 'qemu-img info' leads to host file read/write
2024-07-02 15:57:23
debiancve
debiancve
CVE-2024-4467
2024-07-02 16:15:05
ubuntucve
ubuntucve
CVE-2024-4467
2024-07-02 00:00:00
cvelist
cvelist
CVE-2024-4467 Qemu-kvm: 'qemu-img info' leads to host file read/write
2024-07-02 15:57:23
virtuozzo
virtuozzo
Virtuozzo Hybrid Infrastructure 6.1 Update 1.5 (6.1.1-49)
2024-07-17 00:00:00
Virtuozzo Hybrid Infrastructure 6.0 Update 1.9 (6.0.1-102)
2024-07-17 00:00:00
Virtuozzo Hybrid Infrastructure 6.2 (6.2.0-142)
2024-07-17 00:00:00
amazon
amazon
Important: qemu
2024-08-14 19:06:00
redhat
redhat
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0
Percentile
13.8%
Related for CVE-2024-4467