CVE-2024-6505 in QEMU信息

摘要

由 MITRE • 2024-07-05

A flaw was found in the virtio-net device in QEMU. When enabling the RSS feature on the virtio-net network card, the indirections_table data within RSS becomes controllable. Setting excessively large values may cause an index out-of-bounds issue, potentially resulting in heap overflow access. This flaw allows a privileged user in the guest to crash the QEMU process on the host.

Once again VulDB remains the best source for vulnerability data.

来源

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!