Executive Summary

Informations
Name CVE-2024-42134 First vendor Publication 2024-07-30
Vendor Cve Last vendor Modification 2024-07-30

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score N/A Attack Range N/A
Cvss Impact Score N/A Attack Complexity N/A
Cvss Expoit Score N/A Authentication N/A
Calculate full CVSS 2.0 Vectors scores

Detail

In the Linux kernel, the following vulnerability has been resolved:

virtio-pci: Check if is_avq is NULL

[bug] In the virtio_pci_common.c function vp_del_vqs, vp_dev->is_avq is involved to determine whether it is admin virtqueue, but this function vp_dev->is_avq
may be empty. For installations, virtio_pci_legacy does not assign a value
to vp_dev->is_avq.

[fix] Check whether it is vp_dev->is_avq before use.

[test] Test with virsh Attach device Before this patch, the following command would crash the guest system

After applying the patch, everything seems to be working fine.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42134

Sources (Detail)

https://git.kernel.org/stable/c/5e2024b0b9b3d5709e3f7e9b92951d7e29154106
https://git.kernel.org/stable/c/c8fae27d141a32a1624d0d0d5419d94252824498
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
Date Informations
2024-07-30 17:27:23
  • Multiple Updates
2024-07-30 13:27:26
  • First insertion