CVE-2024-31420
published 2024-04-03
Priority P4 · 31 · medium · 6.5 · CVSS 3.1
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS 0.64% · 46.0th percentile
A NULL pointer dereference flaw was found in KubeVirt. This flaw allows an attacker who has access to a virtual machine guest on a node with DownwardMetrics enabled to cause a denial of service by issuing a high number of calls to vm-dump-metrics --virtio and then deleting the virtual machine.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| kubevirt.io | kubevirt | 0 – 1.2.0 | — |
CVSS provenance
nvd · v3.1 · 6.5 · MEDIUM · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
vendor_redhat · 6.5 · MEDIUM
OSV
KubeVirt NULL pointer dereference flaw in kubevirt.io/kubevirt
osv·2024-06-05
CVE-2024-31420 KubeVirt NULL pointer dereference flaw in kubevirt.io/kubevirt
OSV
KubeVirt NULL pointer dereference flaw
osv·2024-04-03
CVE-2024-31420 [MEDIUM] KubeVirt NULL pointer dereference flaw
GHSA
KubeVirt NULL pointer dereference flaw
ghsa·2024-04-03
CVE-2024-31420 [MEDIUM] CWE-476 KubeVirt NULL pointer dereference flaw
Red Hat
cnv: DoS through repeatedly calling vm-dump-metrics until virt handler crashes
vendor_redhat·2024-04-03·CVSS 6.5
CVE-2024-31420 [MEDIUM] CWE-476 cnv: DoS through repeatedly calling vm-dump-metrics until virt handler crashes
Package: kubevirt (Red Hat OpenShift Virtualization 4) - Not affected
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.