Medium severity6.5NVD Advisory· Published Apr 3, 2024· Updated Apr 15, 2026
CVE-2024-31420
CVE-2024-31420
Description
A NULL pointer dereference flaw was found in KubeVirt. This flaw allows an attacker who has access to a virtual machine guest on a node with DownwardMetrics enabled to cause a denial of service by issuing a high number of calls to vm-dump-metrics --virtio and then deleting the virtual machine.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
kubevirt.io/kubevirtGo | <= 1.2.0 | — |
Affected products
36- osv-coords36 versionspkg:apk/chainguard/docker-machine-driver-harvesterpkg:apk/chainguard/virt-api-1.6pkg:apk/chainguard/virt-api-1.7pkg:apk/chainguard/virt-api-1.8pkg:apk/chainguard/virt-api-fips-1.6pkg:apk/chainguard/virt-api-fips-1.7pkg:apk/chainguard/virt-api-fips-1.8pkg:apk/chainguard/virt-chroot-1.6pkg:apk/chainguard/virt-chroot-1.7pkg:apk/chainguard/virt-chroot-1.8pkg:apk/chainguard/virt-chroot-fips-1.6pkg:apk/chainguard/virt-chroot-fips-1.7pkg:apk/chainguard/virt-chroot-fips-1.8pkg:apk/chainguard/virt-controller-1.6pkg:apk/chainguard/virt-controller-1.7pkg:apk/chainguard/virt-controller-1.8pkg:apk/chainguard/virt-controller-fips-1.6pkg:apk/chainguard/virt-controller-fips-1.7pkg:apk/chainguard/virt-controller-fips-1.8pkg:apk/chainguard/virt-handler-1.6pkg:apk/chainguard/virt-handler-1.7pkg:apk/chainguard/virt-handler-1.8pkg:apk/chainguard/virt-handler-fips-1.6pkg:apk/chainguard/virt-handler-fips-1.7pkg:apk/chainguard/virt-handler-fips-1.8pkg:apk/chainguard/virt-launcher-1.6-virt-freezerpkg:apk/chainguard/virt-launcher-1.6-virt-launcher-monitorpkg:apk/chainguard/virt-launcher-1.6-virt-probepkg:apk/chainguard/virt-launcher-1.6-virt-tailpkg:apk/chainguard/virt-operator-1.7pkg:apk/chainguard/virt-operator-1.8pkg:apk/chainguard/virt-operator-fips-1.6pkg:apk/chainguard/virt-operator-fips-1.7pkg:apk/chainguard/virt-operator-fips-1.8pkg:apk/wolfi/docker-machine-driver-harvesterpkg:golang/kubevirt.io/kubevirt
< 0+ 35 more
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 1.6.6-r2
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 1.6.6-r3
- (no CPE)range: < 1.6.6-r3
- (no CPE)range: < 1.6.6-r3
- (no CPE)range: < 1.6.6-r3
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 1.6.6-r2
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: <= 1.2.0
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.