CVE-2024-3446

CVSS v3 Score: 8.2 (High)

Vulnerability Description

A double free vulnerability was found in QEMU virtio devices (virtio-gpu, virtio-serial-bus, virtio-crypto), where the mem_reentrancy_guard flag insufficiently protects against DMA reentrancy issues. This issue could allow a malicious privileged guest user to crash the QEMU process on the host, resulting in a denial of service, or to execute arbitrary code within the context of the QEMU process on the host.

CVSS:8.2(High)

The Treck TCP/IP stack before 6.0.1.41 has an IPv4 tunneling Double Free.

CVSS:8.1(High)

Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecifi...

CVSS:8.1(High)

An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. A specially crafted URL request sent to the SoftCMS ASP Webserver can cause a double free condition on the server allowing an att...

CVSS:8.1(High)

curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTP(S) URL, it sets up the connection to the remote server by issuing a CONNECT request to the pro...

CVSS:8.1(High)

Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability