Skip to main content

Qemu CVE-2024-24474

HIGH
Classic Buffer Overflow (CWE-120)
2024-02-20 cve@mitre.org
8.8
CVSS 3.1 · Vendor: mitre
Share

Severity by source

Vendor (mitre) PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from Vendor (mitre) · only source for this CVE.

CVSS VectorVendor: mitre

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Feb 20, 2024 - 18:15 cve.org
HIGH 8.8

DescriptionCVE.org

QEMU before 8.2.0 has an integer underflow, and resultant buffer overflow, via a TI command when an expected non-DMA transfer length is less than the length of the available FIFO data. This occurs in esp_do_nodma in hw/scsi/esp.c because of an underflow of async_len.

AnalysisAI

QEMU before 8.2.0 has an integer underflow, and resultant buffer overflow, via a TI command when an expected non-DMA transfer length is less than the length of the available FIFO data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified as Buffer Copy without Size Check (CWE-120), which allows attackers to overflow a buffer to corrupt adjacent memory. QEMU before 8.2.0 has an integer underflow, and resultant buffer overflow, via a TI command when an expected non-DMA transfer length is less than the length of the available FIFO data. This occurs in esp_do_nodma in hw/scsi/esp.c because of an underflow of async_len. Affected products include: Qemu. Version information: before 8.2.0.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Always validate buffer sizes before copy operations. Use bounded functions (strncpy, snprintf). Enable compiler protections.

More in Qemu

View all
CVE-2015-3456 HIGH POC
7.7 May 13

The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a

CVE-2015-8556 CRITICAL POC
10.0 Mar 24

Local privilege escalation vulnerability in the Gentoo QEMU package before 2.5.0-r1. Rated critical severity (CVSS 10.0)

CVE-2019-12928 CRITICAL POC
9.8 Jun 24

The QMP migrate command in QEMU version 4.0.0 and earlier is vulnerable to OS command injection, which allows the remote

CVE-2019-12929 CRITICAL POC
9.8 Jun 24

The QMP guest_exec command in QEMU 4.0.0 and earlier is prone to OS command injection, which allows the attacker to achi

CVE-2015-7512 CRITICAL
9.0 Jan 08

Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remot

CVE-2016-7161 CRITICAL
9.8 Oct 05

Heap-based buffer overflow in the .receive callback of xlnx.xps-ethernetlite in QEMU (aka Quick Emulator) allows attacke

CVE-2022-35414 HIGH POC
8.8 Jul 11

softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translate_fail path, leading to an io_r

CVE-2016-4002 CRITICAL
9.8 Apr 26

Buffer overflow in the mipsnet_receive function in hw/net/mipsnet.c in QEMU, when the guest NIC is configured to accept

CVE-2024-3447 MEDIUM POC
6.0 Nov 14

A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. Rated medium severity (CVSS 6.0), this vul

CVE-2017-15268 HIGH POC
7.5 Oct 12

Qemu through 2.10.0 allows remote attackers to cause a memory leak by triggering slow data-channel read operations, rela

CVE-2022-2962 HIGH POC
7.8 Sep 13

A DMA reentrancy issue was found in the Tulip device emulation in QEMU. Rated high severity (CVSS 7.8), this vulnerabili

CVE-2014-0222 HIGH POC
7.5 Nov 04

Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows remote attackers to cause a denia

Share

CVE-2024-24474 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy