CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
9.0%
A flaw was found in the QEMU Virtio PCI Bindings (hw/virtio/virtio-pci.c).
An improper release and use of the irqfd for vector 0 during the boot
process leads to a guest triggerable crash via vhost_net_stop(). This flaw
allows a malicious guest to crash the QEMU process on the host.
Author | Note |
---|---|
mdeslaur | per Debian, introduced in 8.0.0-rc0 with the following commit: https://gitlab.com/qemu-project/qemu/-/commit/f9a09ca3ea69d108d828b7c82f1bd61b2df6fc96 original fix was incomplete, see bugs |