Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2024-8354

Опубликовано: 19 сент. 2024
Источник: debian
EPSS Низкий

Описание

A flaw was found in QEMU. An assertion failure was present in the usb_ep_get() function in hw/net/core.c when trying to get the USB endpoint from a USB device. This flaw may allow a malicious unprivileged guest user to crash the QEMU process on the host and cause a denial of service condition.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
qemufixed1:10.1.1+ds-1package
qemuno-dsatrixiepackage
qemuno-dsabookwormpackage
qemupostponedbullseyepackage

Примечания

  • https://bugzilla.redhat.com/show_bug.cgi?id=2313497

  • https://gitlab.com/qemu-project/qemu/-/issues/2548

  • Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/d0af3cd0274e265435170a583c72b9f0a4100dff

  • Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/dfae27159d00de9259f95cf578784cfccb56ce04 (v10.1.1)

  • Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/746269eaae16423572ae7c0dfeb66140fa882149 (v10.0.5)

  • Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/2ef88536a905a867260732541dd9a9661120e608 (v7.2.21)

EPSS

Процентиль: 10%
0.00049
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2024-8354

CVSS3: 5.5
ubuntu
около 1 года назад

A flaw was found in QEMU. An assertion failure was present in the usb_ep_get() function in hw/net/core.c when trying to get the USB endpoint from a USB device. This flaw may allow a malicious unprivileged guest user to crash the QEMU process on the host and cause a denial of service condition.

redhat логотип

CVE-2024-8354

CVSS3: 5.5
redhat
около 1 года назад

A flaw was found in QEMU. An assertion failure was present in the usb_ep_get() function in hw/net/core.c when trying to get the USB endpoint from a USB device. This flaw may allow a malicious unprivileged guest user to crash the QEMU process on the host and cause a denial of service condition.

nvd логотип

CVE-2024-8354

CVSS3: 5.5
nvd
около 1 года назад

A flaw was found in QEMU. An assertion failure was present in the usb_ep_get() function in hw/net/core.c when trying to get the USB endpoint from a USB device. This flaw may allow a malicious unprivileged guest user to crash the QEMU process on the host and cause a denial of service condition.

msrc логотип

CVE-2024-8354

msrc
3 месяца назад

Qemu-kvm: usb: assertion failure in usb_ep_get()

github логотип

GHSA-xx3p-5m4j-rhw8

CVSS3: 4.7
github
около 1 года назад

A flaw was found in QEMU. An assertion failure was present in the usb_ep_get() function in hw/net/core.c when trying to get the USB endpoint from a USB device. This flaw may allow a malicious unprivileged guest user to crash the QEMU process on the host and cause a denial of service condition.

EPSS

Процентиль: 10%
0.00049
Низкий