CVE-2024-3447

A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. The bug is triggered when both s->data_count and the size of s->fifo_buffer are set to 0x200, leading to an out-of-bound access. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.

References

Affected packages

Git / github.com/qemu/qemu

Affected ranges

Type

GIT

Repo

https://github.com/qemu/qemu

Events

Introduced

Fixed

c6fe0f315cfac9739c8d57ffa05c9c22d7ebd2cb

Introduced

c1eb2ddf0f8075faddc5f7c3d39feae3e8e9d6b4

Fixed

8216663a5c88968a62f67e4aa80807167efceb8d

Introduced

Last affected

c25df57ae8f9fe1c72eee2dab37d76d904ac382e

Introduced

Last affected

c62d54d0a8067ffb3d5b909276f7296d7df33fa7

Introduced

Last affected

5012e522aca161be5c141596c66e5cc6082538a9

Introduced

Last affected

e5c6528dce86d7a9ada7ecf02fcb7b8560955131

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "7.2.11"
        },
        {
            "introduced": "8.0.0"
        },
        {
            "fixed": "8.2.3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0.0-NA"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0.0-rc0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0.0-rc1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0.0-rc2"
        }
    ]
}

Affected versions

v8.*

v8.0.0

v8.1.0

v8.1.0-rc0

v8.1.0-rc1

v8.1.0-rc2

v8.1.0-rc3

v8.1.0-rc4

v8.2.0

v8.2.0-rc0

v8.2.0-rc1

v8.2.0-rc2

v8.2.0-rc3

v8.2.0-rc4

v9.*

v9.0.0

v9.0.0-rc0

v9.0.0-rc1

v9.0.0-rc2

v9.0.0-rc3

v9.0.0-rc4

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-3447.json"