Bug 2302487 (CVE-2024-7409)

Summary: CVE-2024-7409 QEMU: Denial of Service via Improper Synchronization in QEMU NBD Server During Socket Closure
Product: [Other] Security Response Reporter: Michal Findra <mfindra>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: ailan, ddepaula, jen, jferlan, jmaloy, kkiwi, knoel, mrezanin, mst, nilal, pbonzini, ymankad
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A flaw was found in the QEMU NBD Server. This vulnerability allows a denial of service (DoS) attack via improper synchronization during socket closure when a client keeps a socket open as the server is taken offline.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Michal Findra 2024-08-02 11:35:01 UTC 
A flaw was discovered in the qemu code for temporarily exposing an NBD 
server (used for storage migration and other tasks), where qemu can
crash if a client still has a socket open at the time the server is
taken offline. Even when qemu is set up to only accept clients with
proper TLS credentials, an attacker without the TLS credentials can
exploit the flaw by connecting a second socket while a storage
migration is ongoing through the intended socket, where the attacker
then stalls the NBD handshake to not reach the point of the TLS
negotiation, then waiting for the server to go offline. When the NBD
server is stopped, closing the attacker's socket can cause qemu to
crash, forming a denial of service attack.
Comment 3 errata-xmlrpc 2024-09-24 03:22:42 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:6964 https://access.redhat.com/errata/RHSA-2024:6964
Comment 4 errata-xmlrpc 2024-09-24 15:28:12 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.16

Via RHSA-2024:6824 https://access.redhat.com/errata/RHSA-2024:6824
Comment 5 errata-xmlrpc 2024-09-25 01:06:58 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.13

Via RHSA-2024:6811 https://access.redhat.com/errata/RHSA-2024:6811
Comment 6 errata-xmlrpc 2024-09-25 13:59:33 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.15

Via RHSA-2024:6818 https://access.redhat.com/errata/RHSA-2024:6818
Comment 7 errata-xmlrpc 2024-10-01 02:43:45 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:7408 https://access.redhat.com/errata/RHSA-2024:7408
Comment 8 errata-xmlrpc 2024-11-12 08:56:04 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:9136 https://access.redhat.com/errata/RHSA-2024:9136
Comment 9 errata-xmlrpc 2024-11-13 18:35:20 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.15

Via RHSA-2024:8991 https://access.redhat.com/errata/RHSA-2024:8991
Comment 10 errata-xmlrpc 2024-11-19 02:29:48 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2024:9912 https://access.redhat.com/errata/RHSA-2024:9912
Comment 11 errata-xmlrpc 2024-11-20 04:18:21 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.14

Via RHSA-2024:9620 https://access.redhat.com/errata/RHSA-2024:9620
Comment 12 errata-xmlrpc 2024-12-03 18:08:15 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.17

Via RHSA-2024:10518 https://access.redhat.com/errata/RHSA-2024:10518
Comment 13 errata-xmlrpc 2024-12-04 04:02:00 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.16

Via RHSA-2024:10528 https://access.redhat.com/errata/RHSA-2024:10528
Comment 14 errata-xmlrpc 2024-12-12 02:08:19 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.13

Via RHSA-2024:10813 https://access.redhat.com/errata/RHSA-2024:10813