mirror of
https://git.yoctoproject.org/poky
synced 2026-03-10 01:09:40 +01:00
e0736e9b27
A double free vulnerability was found in QEMU virtio devices (virtio-gpu, virtio-serial-bus, virtio-crypto), where the mem_reentrancy_guard flag insufficiently protects against DMA reentrancy issues. This issue could allow a malicious privileged guest to crash the QEMU process on the host, resulting in a d enial of service or allow arbitrary code execution within the context of the QEMU process on the host. CVE-2024-3446-0004, CVE-2024-3446-0005, CVE-2024-3446-0006 are CVE fix and CVE-2024-3446-0001, CVE-2024-3446-0002, CVE-2024-3446-0003 are dependent commits to fix the CVE. References: https://nvd.nist.gov/vuln/detail/CVE-2024-3446 Upstream patches:9c86c97f12f63192b054ec0504b989ba28e0ff4db4295bff25f4729ec39a(From OE-Core rev: db7e3a56656db0bc61ec2e35ccc149e9b90a389b) Signed-off-by: Yogita Urade <yogita.urade@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>