High severity8.2NVD Advisory· Published Apr 9, 2024· Updated Apr 15, 2026

CVE-2024-3446

Description

A double free vulnerability was found in QEMU virtio devices (virtio-gpu, virtio-serial-bus, virtio-crypto), where the mem_reentrancy_guard flag insufficiently protects against DMA reentrancy issues. This issue could allow a malicious privileged guest user to crash the QEMU process on the host, resulting in a denial of service or allow arbitrary code execution within the context of the QEMU process on the host.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

access.redhat.com/errata/RHSA-2024:6964nvd
access.redhat.com/security/cve/CVE-2024-3446nvd
bugzilla.redhat.com/show_bug.cginvd
patchew.org/QEMU/20240409105537.18308-1-philmd@linaro.org/nvd
security.netapp.com/advisory/ntap-20250502-0007/nvd

News mentions

No linked articles in our index yet.

cvss	0.533
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000