Base Score

HIGH7.5

CVE-2024-7409

A flaw was found in the QEMU NBD Server. This vulnerability allows a denial of service (DoS) attack via improper synchronization during socket closure when a client keeps a socket open as the server is taken offline.

VectorNETWORK

Published Bysecalert@redhat.com

Published DateAug 05, 2024, 14:15

Weakness Type (CWE):CWE-662

CVSS Metrics

Base Score

7.5

Vector String

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Base Severity

HIGH

Version

3.0

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

NONE

Availability (A)

HIGH

References

https://access.redhat.com/errata/RHSA-2024:10518
https://access.redhat.com/errata/RHSA-2024:10528
https://access.redhat.com/errata/RHSA-2024:10813
https://access.redhat.com/errata/RHSA-2024:6811
https://access.redhat.com/errata/RHSA-2024:6818
https://access.redhat.com/errata/RHSA-2024:6964
https://access.redhat.com/errata/RHSA-2024:7408
https://access.redhat.com/errata/RHSA-2024:8991
https://access.redhat.com/errata/RHSA-2024:9136
https://access.redhat.com/errata/RHSA-2024:9620
https://access.redhat.com/errata/RHSA-2024:9912
https://access.redhat.com/security/cve/CVE-2024-7409
https://bugzilla.redhat.com/show_bug.cgi?id=2302487
https://lists.debian.org/debian-lts-announce/2025/09/msg00011.html
https://security.netapp.com/advisory/ntap-20250502-0008/

Base Score

HIGH7.5

Weakness Type (CWE):CWE-662

CVSS Metrics

Base Score

7.5

Vector String

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Base Severity

HIGH

Version

3.0

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

NONE

Availability (A)

HIGH