A flaw was discovered in the qemu code for temporarily exposing an NBD server (used for storage migration and other tasks), where qemu can crash if a client still has a socket open at the time the server is taken offline. Even when qemu is set up to only accept clients with proper TLS credentials, an attacker without the TLS credentials can exploit the flaw by connecting a second socket while a storage migration is ongoing through the intended socket. The attacker then stalls the NBD handshake so that it never reaches the point of the TLS negotiation, and waits for the server to go offline. When the NBD server is stopped, closing the attacker's socket can cause qemu to crash, resulting in a denial of service.
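Because the extra socket described above needs no TLS credentials, one check on a host running a migration is to list peers connected to the NBD port that are not the intended migration endpoint. The following is an added example, not code from this report or from qemu; the port (10809, the IANA-registered NBD port), the addresses and the `ss -Htn state established` style sample lines are constructed assumptions.

```python
# Added example: flag unexpected peers on a temporary NBD export.
# SAMPLE_SS is constructed input shaped like `ss -Htn state established`
# output (Recv-Q, Send-Q, local addr:port, peer addr:port).
SAMPLE_SS = """\
0 0 192.0.2.10:10809 192.0.2.20:51234
0 0 192.0.2.10:10809 198.51.100.7:40022
0 0 192.0.2.10:22 192.0.2.99:50111
0 0 [2001:db8::10]:10809 [2001:db8::66]:43210
"""


def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr]:port' into (addr, port)."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), int(port)  # int() raises ValueError on '*'


def nbd_connections(ss_text, nbd_port):
    """Return peer addresses of established connections to nbd_port."""
    peers = []
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            _, local_port = split_endpoint(fields[-2])
            peer, _ = split_endpoint(fields[-1])
        except ValueError:
            continue  # not an addr:port pair, skip the line
        if local_port == nbd_port:
            peers.append(peer)
    return peers


def unexpected_peers(ss_text, nbd_port, allowed):
    """Peers on the NBD port that are not the expected migration endpoint."""
    return [p for p in nbd_connections(ss_text, nbd_port) if p not in allowed]


if __name__ == "__main__":
    # 192.0.2.20 stands in for the legitimate migration peer (assumption).
    for peer in unexpected_peers(SAMPLE_SS, 10809, {"192.0.2.20"}):
        print("unexpected NBD client:", peer)
```

Any peer reported while the export is live is a connection worth closing off at the firewall before the NBD server is stopped.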
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:6964 https://access.redhat.com/errata/RHSA-2024:6964
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.16 Via RHSA-2024:6824 https://access.redhat.com/errata/RHSA-2024:6824
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.13 Via RHSA-2024:6811 https://access.redhat.com/errata/RHSA-2024:6811
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.15 Via RHSA-2024:6818 https://access.redhat.com/errata/RHSA-2024:6818
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Extended Update Support Via RHSA-2024:7408 https://access.redhat.com/errata/RHSA-2024:7408