Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2024-0340

UNKNOWN
Published 2024-01-09T17:36:11.578Z
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2024-0340. We'll provide specific mitigation strategies based on your environment and risk profile.

CVSS Score

V3.1
4.4
/10
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Base Score Metrics
Exploitability: N/A Impact: N/A

EPSS Score

v2023.03.01
0.000
probability
of exploitation in the wild

There is a 0.0% chance that this vulnerability will be exploited in the wild within the next 30 days.

Updated: 2025-01-25
Exploit Probability
Percentile: 0.051
Higher than 5.1% of all CVEs

Attack Vector Metrics

Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED

Impact Metrics

Confidentiality
HIGH
Integrity
NONE
Availability
NONE

Description

A vulnerability was found in vhost_new_msg in drivers/vhost/vhost.c in the Linux kernel, which does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This issue can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Unknown Vendor

Unknown Product

Affected Versions:

0
Red Hat

Red Hat Enterprise Linux 8

Affected Versions:

0:4.18.0-553.5.1.rt7.346.el8_10
Red Hat

Red Hat Enterprise Linux 8

Affected Versions:

0:4.18.0-553.5.1.el8_10
Red Hat

Red Hat Enterprise Linux 9

Affected Versions:

0:5.14.0-503.11.1.el9_5
Red Hat

Red Hat Enterprise Linux 9

Affected Versions:

0:5.14.0-503.11.1.el9_5
Red Hat

Red Hat Enterprise Linux 9.4 Extended Update Support

Affected Versions:

0:5.14.0-427.68.1.el9_4
Red Hat

Red Hat Enterprise Linux 6

Red Hat

Red Hat Enterprise Linux 7

Red Hat

Red Hat Enterprise Linux 7

Red Hat

Red Hat Enterprise Linux 9

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed MODERATE

GHSA-59h3-54m2-3jm7

Advisory Details

A vulnerability was found in vhost_new_msg in drivers/vhost/vhost.c in the Linux kernel, which does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This issue can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file.

CVSS Scoring

CVSS Score

5.0

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2024-0340
WEB https://access.redhat.com/errata/RHSA-2024:3618
WEB https://access.redhat.com/errata/RHSA-2024:3627
WEB https://access.redhat.com/errata/RHSA-2024:9315
WEB https://access.redhat.com/errata/RHSA-2025:7526
WEB https://access.redhat.com/security/cve/CVE-2024-0340
WEB https://bugzilla.redhat.com/show_bug.cgi?id=2257406
WEB https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
WEB https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
WEB https://lore.kernel.org/lkml/5kn47peabxjrptkqa6dwtyus35ahf4pcj4qm4pumse33kxqpjw@mec4se5relrc/T

Advisory provided by GitHub Security Advisory Database. Published: January 9, 2024, Modified: May 14, 2025

References

https://access.redhat.com/errata/RHSA-2024:3618
https://access.redhat.com/errata/RHSA-2024:3627
https://access.redhat.com/errata/RHSA-2024:9315
https://access.redhat.com/errata/RHSA-2025:7526
https://access.redhat.com/security/cve/CVE-2024-0340
https://bugzilla.redhat.com/show_bug.cgi?id=2257406
https://lore.kernel.org/lkml/5kn47peabxjrptkqa6dwtyus35ahf4pcj4qm4pumse33kxqpjw@mec4se5relrc/T/
Published: 2024-01-09T17:36:11.578Z
Last Modified: 2025-05-14T03:48:49.109Z
Copied to clipboard!