CVE-2024-0340
Published Jan 9, 2024
Last updated 2 days ago
Overview
- Description: A vulnerability was found in vhost_new_msg in drivers/vhost/vhost.c in the Linux kernel, which does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This issue can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file.
- Source: secalert@redhat.com
- NVD status: Modified
Risk scores
CVSS 3.1
- Type: Primary
- Base score: 5.5
- Impact score: 3.6
- Exploitability score: 1.8
- Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- Severity: MEDIUM
Weaknesses
- nvd@nist.gov: NVD-CWE-noinfo
- secalert@redhat.com: CWE-200
Configurations
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "18D12E25-2947-44E7-989D-24450E013A1F",
            "versionEndExcluding": "6.4"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:6.4:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "38BC6744-7D25-4C02-9966-B224CD071D30"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:6.4:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "76061B41-CAE9-4467-BEDE-0FFC7956F2A1"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:6.4:rc3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A717BA5B-D535-46A0-A329-A25FE5CEC588"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:6.4:rc4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "89CC80C6-F1EE-4AC7-BD21-DB3217BADE87"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:6.4:rc5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "41EACEA1-FB69-4AF2-BC52-D39489858D42"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]