fkie_cve-2024-3447
Vulnerability from fkie_nvd
Published: 2024-11-14 12:15
Modified: 2025-08-05 18:33
Severity ?
Summary
A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. The bug is triggered when both `s->data_count` and the size of `s->fifo_buffer` are set to 0x200, leading to an out-of-bound access. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.
References
Source | URL | Tags
---|---|---
patrick@puiterwijk.org | https://access.redhat.com/security/cve/CVE-2024-3447 | Third Party Advisory
patrick@puiterwijk.org | https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=58813 | Exploit, Issue Tracking
patrick@puiterwijk.org | https://bugzilla.redhat.com/show_bug.cgi?id=2274123 | Issue Tracking, Third Party Advisory
patrick@puiterwijk.org | https://patchew.org/QEMU/20240404085549.16987-1-philmd@linaro.org/ | Broken Link
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20250425-0005/ | Vendor Advisory
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*", "matchCriteriaId": "0EAD89F2-2AEA-4655-B072-E12C2AD69711", "versionEndExcluding": "7.2.11", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*", "matchCriteriaId": "59D5C13B-B7C8-4057-94E6-D5B29B0C745B", "versionEndExcluding": "8.2.3", "versionStartIncluding": "8.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:9.0.0:-:*:*:*:*:*:*", "matchCriteriaId": "53B020E1-1339-4E3B-8CC3-7108309DF2F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:9.0.0:rc0:*:*:*:*:*:*", "matchCriteriaId": "5E7620C7-95CD-4451-A485-69CF3752627B", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:9.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "F8EBBE5A-0A6F-4F35-AA50-CA81B15F6BDC", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:9.0.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "45846E0D-C683-4DAF-AE17-32CD8EB283F3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:hci_compute_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "4AFE5CAF-ACA7-4F82-BEC1-69562D75E66E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. The bug is triggered when both `s-\u003edata_count` and the size of `s-\u003efifo_buffer` are set to 0x200, leading to an out-of-bound access. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition." }, { "lang": "es", "value": "Se encontr\u00f3 un desbordamiento de b\u00fafer basado en mont\u00f3n en la emulaci\u00f3n de dispositivo SDHCI de QEMU. El error se activa cuando tanto `s-\u0026gt;data_count` como el tama\u00f1o de `s-\u0026gt;fifo_buffer` se establecen en 0x200, lo que genera un acceso fuera de los l\u00edmites. Un invitado malintencionado podr\u00eda usar esta falla para bloquear el proceso QEMU en el host, lo que genera una condici\u00f3n de denegaci\u00f3n de servicio." } ], "id": "CVE-2024-3447", "lastModified": "2025-08-05T18:33:57.270", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.5, "impactScore": 4.0, "source": "patrick@puiterwijk.org", "type": "Secondary" } ] }, "published": "2024-11-14T12:15:17.743", "references": [ { "source": "patrick@puiterwijk.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/security/cve/CVE-2024-3447" }, { "source": "patrick@puiterwijk.org", "tags": [ "Exploit", "Issue Tracking" ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=58813" }, { "source": "patrick@puiterwijk.org", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274123" }, { "source": "patrick@puiterwijk.org", "tags": [ "Broken Link" ], "url": "https://patchew.org/QEMU/20240404085549.16987-1-philmd@linaro.org/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20250425-0005/" } ], "sourceIdentifier": "patrick@puiterwijk.org", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-122" } ], "source": "patrick@puiterwijk.org", "type": "Secondary" } ] }
Sightings
Author | Source | Type | Date
---|---|---|---
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.