CVE-2024-7409
Public on 2024-08-04
Modified on 2024-09-19
Description
A flaw was found in the QEMU NBD Server. This vulnerability allows a denial of service (DoS) attack via improper synchronization during socket closure when a client keeps a socket open as the server is taken offline.
Amazon Linux will not be providing the fix for CVE-2024-7409 after careful consideration about the stability of the package. Amazon Linux recommends that customers work around this issue by ensuring that only trusted clients can connect to the NBD server which can be done using a firewall before the NBD server.
Amazon Linux will not be providing the fix for CVE-2024-7409 after careful consideration about the stability of the package. Amazon Linux recommends that customers work around this issue by ensuring that only trusted clients can connect to the NBD server which can be done using a firewall before the NBD server.
Severity
Medium
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 2 - Core | qemu | No Fix Planned | ||
| Amazon Linux 1 | qemu-kvm | No Fix Planned |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 5.9 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
| NVD | CVSSv3 | 7.5 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |