A vulnerability was found in the vhost_new_msg() function in
drivers/vhost/vhost.c in the Linux kernel. The function does not properly
initialize memory in messages passed between virtual guests and the host
operating system. This issue can allow local privileged users to read some
kernel memory contents when reading from the /dev/vhost-net device file.
Author | Note |
---|---|
Priority reason: On Ubuntu, /dev/vhost-net access requires being in the kvm group (or root). |
OS | OS version | Architecture | Package | Affected package version | Filename |
---|---|---|---|---|---|
ubuntu | 20.04 | noarch | linux | < 5.4.0-173.191 | UNKNOWN |
ubuntu | 22.04 | noarch | linux | < 5.15.0-100.110 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < 5.4.0-1120.130 | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws | < 5.15.0-1056.61 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws-5.15 | < 5.15.0-1056.61~20.04.1 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws-5.4 | < 5.4.0-1120.130~18.04.1 (available with Ubuntu Pro or Ubuntu Pro (Infra-only)) | UNKNOWN |
ubuntu | 20.04 | noarch | linux-azure | < 5.4.0-1126.133 | UNKNOWN |
ubuntu | 22.04 | noarch | linux-azure | < 5.15.0-1058.66 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-azure-5.15 | < 5.15.0-1058.66~20.04.2 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-azure-5.4 | < 5.4.0-1126.133~18.04.1 (available with Ubuntu Pro or Ubuntu Pro (Infra-only)) | UNKNOWN |
access.redhat.com/security/cve/CVE-2024-0340
git.kernel.org/linus/4d8df0f5f79f747d75a7d356d9b9ea40a4e4c8a9 (6.4-rc6)
launchpad.net/bugs/cve/CVE-2024-0340
lore.kernel.org/lkml/5kn47peabxjrptkqa6dwtyus35ahf4pcj4qm4pumse33kxqpjw@mec4se5relrc/T/
nvd.nist.gov/vuln/detail/CVE-2024-0340
security-tracker.debian.org/tracker/CVE-2024-0340
ubuntu.com/security/notices/USN-6681-1
ubuntu.com/security/notices/USN-6681-2
ubuntu.com/security/notices/USN-6681-3
ubuntu.com/security/notices/USN-6681-4
ubuntu.com/security/notices/USN-6686-1
ubuntu.com/security/notices/USN-6686-2
ubuntu.com/security/notices/USN-6686-3
ubuntu.com/security/notices/USN-6686-4
ubuntu.com/security/notices/USN-6686-5
ubuntu.com/security/notices/USN-6688-1
ubuntu.com/security/notices/USN-6705-1
ubuntu.com/security/notices/USN-6716-1
www.cve.org/CVERecord?id=CVE-2024-0340