CVE-2024-6505
Qemu-kvm: virtio-net: queue index out-of-bounds access in software rss
CVSS Score
6.8
EPSS Score
0.0%
EPSS Percentile
0th
A flaw was found in the virtio-net device in QEMU. When enabling the RSS feature on the virtio-net network card, the indirections_table data within RSS becomes controllable. Setting excessively large values may cause an index out-of-bounds issue, potentially resulting in heap overflow access. This flaw allows a privileged user in the guest to crash the QEMU process on the host.
| CWE | CWE-125 |
| Published | Jul 5, 2024 |
| Last Updated | Nov 8, 2025 |
Stay Ahead of the Next One
Get instant alerts for
Be the first to know when new medium vulnerabilities are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Changed
Confidentiality
None
Integrity
None
Availability
High
Affected Versions
Red Hat / Red Hat Enterprise Linux 10
All versions affected Red Hat / Red Hat Enterprise Linux 6
All versions affected Red Hat / Red Hat Enterprise Linux 7
All versions affected Red Hat / Red Hat Enterprise Linux 7
All versions affected Red Hat / Red Hat Enterprise Linux 8
All versions affected Red Hat / Red Hat Enterprise Linux 8 Advanced Virtualization
All versions affected Red Hat / Red Hat Enterprise Linux 9
All versions affected