7 matches found
GHSA-VJHF-6XFR-5P9G KubeVirt NULL pointer dereference flaw
A NULL pointer dereference flaw was found in KubeVirt. This flaw allows an attacker who has access to a virtual machine guest on a node with DownwardMetrics enabled to cause a denial of service by issuing a high number of calls to vm-dump-metrics --virtio and then deleting the virtual machine...
KubeVirt NULL pointer dereference flaw
A NULL pointer dereference flaw was found in KubeVirt. This flaw allows an attacker who has access to a virtual machine guest on a node with DownwardMetrics enabled to cause a denial of service by issuing a high number of calls to vm-dump-metrics --virtio and then deleting the virtual machine...
CVE-2024-31420 Cnv: dos through repeatedly calling vm-dump-metrics until virt handler crashes
A NULL pointer dereference flaw was found in KubeVirt. This flaw allows an attacker who has access to a virtual machine guest on a node with DownwardMetrics enabled to cause a denial of service by issuing a high number of calls to vm-dump-metrics --virtio and then deleting the virtual machine...
CVE-2024-31420 Cnv: dos through repeatedly calling vm-dump-metrics until virt handler crashes
A NULL pointer dereference flaw was found in KubeVirt. This flaw allows an attacker who has access to a virtual machine guest on a node with DownwardMetrics enabled to cause a denial of service by issuing a high number of calls to vm-dump-metrics --virtio and then deleting the virtual machine...
CVE-2024-31420
KubeVirt has a NULL pointer dereference in vm-dump-metrics --virtio when DownwardMetrics is enabled. An attacker with access to a VM guest on the node can cause a DoS by issuing many calls and then deleting the VM. CVSSv3.1 base score 6.5 (I:N, A:H). No fixed version or patch details are provided...
CVE-2024-31419 Cnv: information disclosure through the usage of vm-dump-metrics
An information disclosure flaw was found in OpenShift Virtualization. The DownwardMetrics feature was introduced to expose host metrics to virtual machine guests and is enabled by default. This issue could expose limited host metrics of a node to any guest in any namespace without being explicitl...
CVE-2024-31420
A NULL pointer dereference flaw was found in KubeVirt. This flaw allows an attacker who has access to a virtual machine guest on a node with DownwardMetrics enabled to cause a denial of service by issuing a high number of calls to vm-dump-metrics --virtio and then deleting the virtual machine...