Metric | Value |
---|---|
CVSS3 | 5.5 Medium |
Attack Vector | LOCAL |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | NONE |
Availability Impact | NONE |
Vector string | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
AI Score | 5.1 Medium |
Confidence | High |
EPSS | 0.0004 Low |
Percentile | 5.1% |

A vulnerability was found in the vhost_new_msg() function in
drivers/vhost/vhost.c in the Linux kernel. The function does not properly
initialize memory in messages passed between virtual guests and the host
operating system. This issue can allow local privileged users to read some
kernel memory contents when reading from the /dev/vhost-net device file.
Author | Note |
---|---|
 | Priority reason: On Ubuntu, /dev/vhost-net access requires being in the kvm group (or root). |
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 20.04 | noarch | linux | < 5.4.0-173.191 | UNKNOWN |
ubuntu | 22.04 | noarch | linux | < 5.15.0-100.110 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < 5.4.0-1120.130 | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws | < 5.15.0-1056.61 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws-5.15 | < 5.15.0-1056.61~20.04.1 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws-5.4 | < 5.4.0-1120.130~18.04.1 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-azure | < 5.4.0-1126.133 | UNKNOWN |
ubuntu | 22.04 | noarch | linux-azure | < 5.15.0-1058.66 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-azure-5.15 | < 5.15.0-1058.66~20.04.2 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-azure-5.4 | < 5.4.0-1126.133~18.04.1 | UNKNOWN |
access.redhat.com/security/cve/CVE-2024-0340
git.kernel.org/linus/4d8df0f5f79f747d75a7d356d9b9ea40a4e4c8a9 (6.4-rc6)
launchpad.net/bugs/cve/CVE-2024-0340
lore.kernel.org/lkml/5kn47peabxjrptkqa6dwtyus35ahf4pcj4qm4pumse33kxqpjw@mec4se5relrc/T/
nvd.nist.gov/vuln/detail/CVE-2024-0340
security-tracker.debian.org/tracker/CVE-2024-0340
ubuntu.com/security/notices/USN-6681-1
ubuntu.com/security/notices/USN-6681-2
ubuntu.com/security/notices/USN-6681-3
ubuntu.com/security/notices/USN-6681-4
ubuntu.com/security/notices/USN-6686-1
ubuntu.com/security/notices/USN-6686-2
ubuntu.com/security/notices/USN-6686-3
ubuntu.com/security/notices/USN-6686-4
ubuntu.com/security/notices/USN-6686-5
ubuntu.com/security/notices/USN-6688-1
ubuntu.com/security/notices/USN-6705-1
ubuntu.com/security/notices/USN-6716-1
www.cve.org/CVERecord?id=CVE-2024-0340