CVE-2024-7409
Advisory lineage Upstream: 0 Downstream: 19
Deferred
Published: 05 Aug 2024, 13:19
Last modified:02 Mar 2026, 21:50
Vulnerability Summary
Overall Risk (default)
medium
30/100 CVSS Score
7.5 HIGH
v3.0 (cve.org)
EPSS Score
1.85% LOW
2% probability +0.14%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
05 Aug 2024, 13:19
Published
Vulnerability first disclosed
02 Mar 2026, 21:50
Last Modified
Vulnerability information updated
Description
A flaw was found in the QEMU NBD Server. This vulnerability allows a denial of service (DoS) attack via improper synchronization during socket closure when a client keeps a socket open as the server is taken offline.
CVSS Metrics
- v3.0•HIGH•Score: 7.5CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Trends
Current EPSS score: 1.85%• Percentile: 83%
Techniques & Countermeasures
- CWE-662•Improper Synchronization
The product utilizes multiple threads, processes, components, or systems to allow temporary access to a shared resource that can only be exclusive to one process at a time, but it does not properly synchronize these actions, which might cause simultaneous accesses of this resource by multiple threads or processes.
References (15)
- https://access.redhat.com/errata/RHSA-2024:10518
- https://access.redhat.com/errata/RHSA-2024:10528
- https://access.redhat.com/errata/RHSA-2024:10813
- https://access.redhat.com/errata/RHSA-2024:6811
- https://access.redhat.com/errata/RHSA-2024:6818
- https://access.redhat.com/errata/RHSA-2024:6964
- https://access.redhat.com/errata/RHSA-2024:7408
- https://access.redhat.com/errata/RHSA-2024:8991
- https://access.redhat.com/errata/RHSA-2024:9136
- https://access.redhat.com/errata/RHSA-2024:9620
- https://access.redhat.com/errata/RHSA-2024:9912
- https://access.redhat.com/security/cve/CVE-2024-7409
- https://bugzilla.redhat.com/show_bug.cgi?id=2302487
- https://security.netapp.com/advisory/ntap-20250502-0008/
- https://lists.debian.org/debian-lts-announce/2025/09/msg00011.html