You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cve 2024 6505
About this tag
CVE-2024-6505 is a vulnerability in QEMU's virtio-net RSS (Receive Side Scaling) implementation that can lead to a denial-of-service condition on the host. The bug allows an attacker with elevated privileges inside a guest virtual machine to manipulate the RSS indirection table, causing a host-side index out-of-bounds access that crashes the qemu-kvm process. This issue is particularly relevant in multi-tenant setups where untrusted virtual machines are run, as it can be exploited to disrupt service availability. The vulnerability primarily impacts availability, with no reported effects on confidentiality or integrity. Discussions on WindowsForum.com focus on the practical risks for operators managing such environments and the implications for host stability.
A subtle bug in QEMU’s virtio-net RSS implementation has been quietly remaking risk calculations for operators who run multi‑tenant or untrusted virtual machines: when RSS (Receive Side Scaling) is enabled for the virtio‑net device, an attacker with elevated privileges inside the guest can...