CVE-2024-4467

7.8 HIGH

📋 TL;DR

A vulnerability in QEMU's qemu-img utility allows attackers to cause denial of service or potentially read/write to external files by providing a specially crafted disk image with malicious JSON data. This affects systems using qemu-img to inspect disk images, particularly virtualization hosts and cloud infrastructure. The flaw can be triggered by any user who can provide a malicious image file to qemu-img.

💻 Affected Systems

Products:
  • QEMU
  • Red Hat Enterprise Linux
  • Fedora
  • CentOS Stream
  • Other QEMU-based virtualization platforms
Versions: QEMU versions before the patched releases (specific versions in Red Hat advisories)
Operating Systems: Linux distributions with vulnerable QEMU packages
Default Config Vulnerable: ⚠️ Yes
Notes: Affects default installations where qemu-img is present and used. The vulnerability is in the 'info' command processing of JSON-formatted block device descriptions.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete host system resource exhaustion leading to denial of service, or unauthorized read/write access to existing files on the host filesystem.

🟠 Likely Case

Denial of service through excessive memory/CPU consumption when processing malicious disk images.

🟢 If Mitigated

Limited impact if qemu-img usage is restricted to trusted users and images from verified sources only.

🌐 Internet-Facing: MEDIUM - Exploitable if qemu-img processes images from untrusted sources, but requires specific image processing scenario.
🏢 Internal Only: MEDIUM - Internal users with access to qemu-img could exploit, but requires ability to provide malicious images.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires crafting a malicious disk image with a specific JSON payload and convincing a user or system to process it with the qemu-img info command.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check specific Red Hat advisories for version numbers (RHSA-2024:4276, RHSA-2024:4277, etc.)

Vendor Advisory: https://access.redhat.com/errata/RHSA-2024:4276

Restart Required: No

Instructions:

  1. Update QEMU packages using your distribution's package manager.
  2. For RHEL: 'yum update qemu-kvm* qemu-img*'.
  3. Verify the update completed successfully.
  4. No service restart required for qemu-img utility.

🔧 Temporary Workarounds

Restrict qemu-img usage

linux

Limit qemu-img command execution to trusted users only and avoid processing untrusted disk images.

chmod 750 /usr/bin/qemu-img
setfacl -m u:trusteduser:rx /usr/bin/qemu-img

🧯 If You Can't Patch

  • Implement strict access controls on qemu-img binary to prevent untrusted users from executing it.
  • Only process disk images from verified, trusted sources and implement image validation before qemu-img processing.
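
One way to implement the image validation mentioned above, as an added example that is not code from QEMU or from this advisory: a Python pre-check that refuses any qcow2 image whose header names another file (a backing file or an external data file) before qemu-img is run on it. It assumes the header layout of the qcow2 format specification and a policy under which uploaded images never need to reference other files; `external_refs`, `check_image` and `sample_header` are hypothetical names, and `sample_header` only builds constructed test input.

```python
# Added example. Policy assumption: an untrusted image must not name any other file.
import struct

QCOW2_MAGIC = b"QFI\xfb"
EXT_DATA_FILE = 0x44415441   # header extension: external data file name
INCOMPAT_DATA_FILE = 1 << 2  # incompatible-features bit 2: external data file

def external_refs(buf: bytes) -> list:
    """Return the reasons to refuse an image; an empty list means none found."""
    if len(buf) < 72 or buf[:4] != QCOW2_MAGIC:
        return ["not a qcow2 header"]
    version, backing_off, backing_len = struct.unpack_from(">IQI", buf, 4)
    reasons, pos = [], 72            # version 2 headers are 72 bytes long
    if backing_off:
        reasons.append("backing file %r" % buf[backing_off:backing_off + backing_len])
    if version >= 3:
        if len(buf) < 104:
            return reasons + ["truncated version 3 header"]
        (incompat,) = struct.unpack_from(">Q", buf, 72)
        (pos,) = struct.unpack_from(">I", buf, 100)   # header_length field
        if incompat & INCOMPAT_DATA_FILE:
            reasons.append("external data file feature bit set")
        if pos < 104:
            return reasons + ["implausible header_length"]
    # Walk the header extensions: u32 type, u32 length, data padded to 8 bytes.
    while pos + 8 <= len(buf):
        ext_type, ext_len = struct.unpack_from(">II", buf, pos)
        if ext_type == 0:            # end-of-extensions marker
            break
        if ext_type == EXT_DATA_FILE:
            reasons.append("external data file %r" % buf[pos + 8:pos + 8 + ext_len])
        pos += 8 + ((ext_len + 7) & ~7)
    return reasons

def check_image(path: str) -> list:
    """Inspect the first 2 MiB (the largest qcow2 cluster size) of a file."""
    with open(path, "rb") as f:
        return external_refs(f.read(2 * 1024 * 1024))

def sample_header(backing: bytes = b"", data_file: bytes = b"") -> bytes:
    """Constructed version 3 header for demonstration; not a usable image."""
    ext = b""
    if data_file:
        pad = bytes(-len(data_file) % 8)
        ext = struct.pack(">II", EXT_DATA_FILE, len(data_file)) + data_file + pad
    ext += bytes(8)                  # end-of-extensions marker
    backing_off = 104 + len(ext) if backing else 0
    flags = INCOMPAT_DATA_FILE if data_file else 0
    hdr = struct.pack(">4sIQI52xQ20xI", QCOW2_MAGIC, 3, backing_off, len(backing), flags, 104)
    return bytes(hdr) + ext + backing
```

Call `check_image(path)` on an uploaded file and pass it to qemu-img only when the returned list is empty. Files in any other format come back as "not a qcow2 header", so a deployment that accepts other formats needs a separate check for each of them.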

🔍 How to Verify

Check if Vulnerable:

Check QEMU version: 'qemu-img --version' and compare against patched versions in Red Hat advisories.

Check Version:

qemu-img --version

Verify Fix Applied:

Verify updated package version: 'rpm -q qemu-img' (RHEL) or 'dpkg -l | grep qemu' (Debian/Ubuntu) and confirm version matches patched release.

📡 Detection & Monitoring

Log Indicators:

  • Unusual memory/CPU consumption by qemu-img processes
  • Failed qemu-img operations with malformed input errors

Network Indicators:

  • Unusual transfers of disk image files to systems running qemu-img

SIEM Query:

process_name:"qemu-img" AND (memory_usage>threshold OR cpu_usage>threshold)
