PT-2023-8232 · Linux+10 · Linux Kernel+10

Rohit Keshri

Published

2023-05-22

Updated

2025-11-28

CVE-2024-0340

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A vulnerability was found in the vhost new msg() function in the Linux kernel, which does not properly initialize memory in messages passed between virtual guests and the host operating system. This issue can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-453CWE-435CWE-200

Related Identifiers

ALSA-2024:3618

ALSA-2024:3627

ALT-PU-2024-14046

ALT-PU-2024-6818

AZL-33319

BDU:2024-00258

CESA-2024_3618

CESA-2024_3627

CVE-2024-0340

DLA-3840-1

DLA-3842-1

DSA-5658-1

DSA-5681-1

INFSA-2024_3618

INFSA-2024_3627

INFSA-2024_9315

OESA-2024-1106

OPENSUSE-SU-2024_0515-1

OPENSUSE-SU-2024_0857-1

RHSA-2024:3618

RHSA-2024:3627

RHSA-2024:9315

RHSA-2024_3618

RHSA-2024_3627

RHSA-2024_9315

RHSA-2025:7526

RLSA-2024:3618

RLSA-2024:3627

SUSE-SU-2024:0476-1

SUSE-SU-2024:0483-1

SUSE-SU-2024:0484-1

SUSE-SU-2024:0514-1

SUSE-SU-2024:0515-1

SUSE-SU-2024:0516-1

SUSE-SU-2024:0856-1

SUSE-SU-2024:0857-1

SUSE-SU-2024:0926-1

USN-6681-1

USN-6681-2

USN-6681-3

USN-6681-4

USN-6686-1

USN-6686-2

USN-6686-3

USN-6686-4

USN-6686-5

USN-6688-1

USN-6705-1

USN-6716-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Linuxmint

Linux Kernel

Red Hat

Red Os

Rocky Linux

Suse

Ubuntu

PT-2023-8232 · Linux+10 · Linux Kernel+10

CVE-2024-0340

Weakness Enumeration

Related Identifiers

Affected Products

References · 606