Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2024-0340
HistoryJan 09, 2024 - 12:00 a.m.

CVE-2024-0340

2024-01-0900:00:00
ubuntu.com
ubuntu.com
14
cve-2024-0340
linux kernel
memory initialization
vhost_new_msg
guest operating system
privileged users
kernel memory contents
vhost-net device file
bugzilla
ubuntu
kvm group

5.1 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.2%

JSON

A vulnerability was found in vhost_new_msg in drivers/vhost/vhost.c in the
Linux kernel, which does not properly initialize memory in messages passed
between virtual guests and the host operating system in the
vhost/vhost.c:vhost_new_msg() function. This issue can allow local
privileged users to read some kernel memory contents when reading from the
/dev/vhost-net device file.

Bugs

Notes

Author Note
Priority reason: On Ubuntu, /dev/vhost-net access requires being in the kvm group (or root).
OSVersionArchitecturePackageVersionFilename
ubuntu20.04noarchlinux< 5.4.0-173.191UNKNOWN
ubuntu22.04noarchlinux< 5.15.0-100.110UNKNOWN
ubuntu20.04noarchlinux-aws< 5.4.0-1120.130UNKNOWN
ubuntu22.04noarchlinux-aws< 5.15.0-1056.61UNKNOWN
ubuntu20.04noarchlinux-aws-5.15< 5.15.0-1056.61~20.04.1UNKNOWN
ubuntu18.04noarchlinux-aws-5.4< 5.4.0-1120.130~18.04.1) Available with Ubuntu Pro or Ubuntu Pro (Infra-onlyUNKNOWN
ubuntu20.04noarchlinux-azure< 5.4.0-1126.133UNKNOWN
ubuntu22.04noarchlinux-azure< 5.15.0-1058.66UNKNOWN
ubuntu20.04noarchlinux-azure-5.15< 5.15.0-1058.66~20.04.2UNKNOWN
ubuntu18.04noarchlinux-azure-5.4< 5.4.0-1126.133~18.04.1) Available with Ubuntu Pro or Ubuntu Pro (Infra-onlyUNKNOWN
Rows per page:
1-10 of 481

References

Related

cnvd 1
cbl_mariner 1
debiancve 1
cvelist 1
cve 1
prion 1
redhatcve 1
oraclelinux 3
photon 3
nessus 40
openvas 29
ubuntu 12
osv 13
debian 2
cnvd
cnvd
Linux kernel code issue vulnerability (CNVD-2024-06235)
2024-01-12 00:00:00
cbl_mariner
cbl_mariner
CVE-2024-0340 affecting package kernel for versions less than 5.15.153.1-1
2024-04-09 20:48:36
debiancve
debiancve
CVE-2024-0340
2024-01-09 18:15:47
cvelist
cvelist
CVE-2024-0340 Kernel: information disclosure in vhost/vhost.c:vhost_new_msg()
2024-01-09 17:36:11
cve
cve
CVE-2024-0340
2024-01-09 18:15:47
prion
prion
Design/Logic Flaw
2024-01-09 18:15:00
redhatcve
redhatcve
CVE-2024-0340
2024-01-09 12:31:08
oraclelinux
oraclelinux
Unbreakable Enterprise kernel security update
2024-04-08 00:00:00
Unbreakable Enterprise kernel-container security update
2024-04-08 00:00:00
Unbreakable Enterprise kernel-container security update
2024-04-08 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2024-3.0-0718
2024-01-26 00:00:00
Critical Photon OS Security Update - PHSA-2024-4.0-0556
2024-01-25 00:00:00
Critical Photon OS Security Update - PHSA-2024-5.0-0195
2024-01-25 00:00:00
nessus
nessus
Oracle Linux 8 : Unbreakable Enterprise kernel-container (ELSA-2024-12275)
2024-04-09 00:00:00
Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2024-12271)
2024-04-09 00:00:00
Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2024-12274)
2024-04-09 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-6681-2)
2024-03-12 00:00:00
Ubuntu: Security Advisory (USN-6681-3)
2024-03-14 00:00:00
Ubuntu: Security Advisory (USN-6681-4)
2024-03-21 00:00:00
ubuntu
ubuntu
Linux kernel (AWS) vulnerabilities
2024-03-19 00:00:00
Linux kernel vulnerabilities
2024-03-13 00:00:00
Linux kernel vulnerabilities
2024-03-06 00:00:00
osv
osv
linux, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-hwe-5.4, linux-iot, linux-kvm, linux-raspi vulnerabilities
2024-03-06 22:37:10
linux-bluefield, linux-raspi-5.4, linux-xilinx-zynqmp vulnerabilities
2024-03-11 20:25:12
linux-ibm, linux-ibm-5.4, linux-oracle, linux-oracle-5.4 vulnerabilities
2024-03-13 16:43:52
debian
debian
[SECURITY] [DSA 5658-1] linux security update
2024-04-13 06:38:27
[SECURITY] [DSA 5681-1] linux security update
2024-05-06 18:31:39

5.1 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.2%

JSON
Related for UB:CVE-2024-0340
cnvd1cbl_mariner1debiancve1cvelist1cve1prion1redhatcve1oraclelinux3photon3nessus40openvas29ubuntu12osv13debian2