CVE-2024-7409 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
redhat	CNA	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA-ADP	ADP	---				---
CVE	ADP	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 79%

Debian Releases

Debian Product

Codename

qemu

bullseye	postponed
bullseye (security)	vulnerable
bookworm	1:7.2+dfsg-7+deb12u13 fixed
trixie	1:10.0.0+ds-2 fixed
sid	1:10.0.2+ds-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

qemu

plucky	Fixed 1:9.0.2+ds-4ubuntu2 released
oracular	Fixed 1:9.0.2+ds-4ubuntu2 released
noble	needed
jammy	needed
focal	needed
bionic	needed
xenial	needed
trusty	needed

Common Weakness Enumeration

CWE-662 - Improper Synchronization
The software utilizes multiple threads or processes to allow temporary access to a shared resource that can only be exclusive to one process at a time, but it does not properly synchronize these actions, which might cause simultaneous accesses of this resource by multiple threads or processes.

References

https://access.redhat.com/errata/RHSA-2024:10518

https://access.redhat.com/errata/RHSA-2024:10528

https://access.redhat.com/errata/RHSA-2024:10813

https://access.redhat.com/errata/RHSA-2024:6811

https://access.redhat.com/errata/RHSA-2024:6818

https://access.redhat.com/errata/RHSA-2024:6964

https://access.redhat.com/errata/RHSA-2024:7408

https://access.redhat.com/errata/RHSA-2024:8991

https://access.redhat.com/errata/RHSA-2024:9136

https://access.redhat.com/errata/RHSA-2024:9620

https://access.redhat.com/errata/RHSA-2024:9912

https://access.redhat.com/security/cve/CVE-2024-7409

https://bugzilla.redhat.com/show_bug.cgi?id=2302487

https://security.netapp.com/advisory/ntap-20250502-0008/