Bug 2276111 (CVE-2024-3979)

Summary: CVE-2024-3979 vsomeip: race condition may lead to crashes or inconsistent behavior
Product: [Other] Security Response Reporter: Robb Gatica <rgatica>
Component: vulnerabilityAssignee: Product Security <prodsec-ir-bot>
Status: NEW --- QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedKeywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2276112    
Bug Blocks:    

Description Robb Gatica 2024-04-19 18:44:45 UTC 
A vulnerability, which was classified as problematic, has been found in COVESA vsomeip up to 3.4.10. Affected by this issue is some unknown functionality. The manipulation leads to race condition. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-261596.

https://github.com/COVESA/vsomeip/files/14904610/details.zip
https://github.com/COVESA/vsomeip/issues/663
https://vuldb.com/?ctiid.261596
https://vuldb.com/?id.261596
https://vuldb.com/?submit.312410
Comment 1 Robb Gatica 2024-04-19 18:44:58 UTC 
Created vsomeip3 tracking bugs for this issue:

Affects: fedora-all [bug 2276112]