CVE-2024-4693 Qemu-kvm: virtio-pci: improper release of configure vector leads to guest triggerable crash

🗓️ 10 May 2024 12:57:41Reported by redhatType

Improper release of configure vector in QEMU allows guest-triggered cras

Reporter	Title	Published	Views	Family All 49
Tenable Nessus	Azure Linux 3.0 Security Update: qemu (CVE-2024-4693)	22 Jan 202600:00	–	nessus
Tenable Nessus	QEMU < 9.0.0 Multiple Vulnerabilities	6 Jun 202400:00	–	nessus
Tenable Nessus	RHEL 6 : qemu (Unpatched Vulnerability)	11 May 202400:00	–	nessus
Tenable Nessus	RHEL 7 : qemu (Unpatched Vulnerability)	11 May 202400:00	–	nessus
Tenable Nessus	RHEL 8 : qemu (Unpatched Vulnerability)	11 May 202400:00	–	nessus
Tenable Nessus	SUSE SLES15 Security Update : qemu (SUSE-SU-2024:3744-1)	23 Oct 202400:00	–	nessus
Tenable Nessus	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : qemu (SUSE-SU-2024:4094-1)	12 Dec 202400:00	–	nessus
Tenable Nessus	Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 : QEMU vulnerabilities (USN-7094-1)	11 Nov 202400:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2024-4693	5 Mar 202500:00	–	nessus
CBLMariner	CVE-2024-4693 affecting package qemu for versions less than 8.2.0-14	6 May 202521:21	–	cbl_mariner

[
  {
    "repo": "https://gitlab.com/qemu-project/qemu",
    "versions": [
      {
        "status": "unaffected",
        "version": "7eeb62b0ce3a8f64647bf53f93903abd1fbb0b94",
        "lessThan": "*",
        "versionType": "git"
      }
    ],
    "packageName": "qemu",
    "collectionURL": "https://gitlab.com/qemu-project/qemu"
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 6",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "qemu-kvm",
    "defaultStatus": "unknown",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:6"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 7",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "qemu-kvm",
    "defaultStatus": "unknown",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:7"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 7",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "qemu-kvm-ma",
    "defaultStatus": "unknown",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:7"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "virt:rhel/qemu-kvm",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8 Advanced Virtualization",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "virt:av/qemu-kvm",
    "defaultStatus": "unknown",
    "cpes": [
      "cpe:/a:redhat:advanced_virtualization:8::el8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "qemu-kvm",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:9"
    ]
  }
]

Source	Link
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
access	www.access.redhat.com/security/cve/CVE-2024-4693

08 Nov 2025 07:13Current

5.5Medium risk

Vulners AI Score5.5

CVSS 3.15.5

EPSS0.00034

CWE-672