VYPR
Medium severity6.5NVD Advisory· Published Apr 3, 2024· Updated Apr 15, 2026

CVE-2024-31420

CVE-2024-31420

Description

A NULL pointer dereference flaw was found in KubeVirt. This flaw allows an attacker who has access to a virtual machine guest on a node with DownwardMetrics enabled to cause a denial of service by issuing a high number of calls to vm-dump-metrics --virtio and then deleting the virtual machine.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
kubevirt.io/kubevirtGo
<= 1.2.0

Affected products

36

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.