CVE-2024-7409: 
Rocky Linux vulnerability analysis and mitigation

A flaw was discovered in the QEMU NBD Server that allows a denial of service (DoS) attack through improper synchronization during socket closure when a client keeps a socket open as the server is taken offline. This vulnerability was assigned CVE-2024-7409 and was first reported on August 2, 2024 (Bugzilla).

The vulnerability exists in the QEMU code for temporarily exposing an NBD server, which is used for storage migration and other tasks. Even when QEMU is configured to only accept clients with proper TLS credentials, an attacker without TLS credentials can exploit this flaw by connecting a second socket during an ongoing storage migration through the intended socket. The attacker can then stall the NBD handshake before TLS negotiation and wait for the server to go offline. When the NBD server is stopped, closing the attacker's socket can trigger a crash in QEMU (Bugzilla).

The successful exploitation of this vulnerability results in a denial of service condition by causing QEMU to crash when the NBD server is taken offline while a malicious connection is maintained (NVD).

Red Hat has released security updates to address this vulnerability across multiple products including Red Hat Enterprise Linux and OpenShift Container Platform versions. Users are advised to upgrade to the patched versions available through various security advisories (Red Hat Advisory).