Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2024-26327

Опубликовано: 19 фев. 2024
Источник: redhat
CVSS3: 5.5
EPSS Низкий

Описание

An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vfs in hw/pci/pcie_sriov.c mishandles the situation where a guest writes NumVFs greater than TotalVFs, leading to a buffer overflow in VF implementations.

A flaw was found in the SR/IOV emulation support of QEMU. The register_vfs() function in hw/pci/pcie_sriov.c mishandled the situation where a guest writes NumVFs greater than TotalVFs, leading to a buffer overflow in VF (Virtual Function) implementations. This flaw allows a malicious guest to crash QEMU and cause a denial of service condition.

Отчет

The qemu-kvm versions, as shipped with Red Hat Enterprise Linux 6, 7, 8 and RHEL Advanced Virtualization, are not affected by this CVE as they did not include Single Root I/O Virtualization (SR/IOV) support.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6qemu-kvmNot affected
Red Hat Enterprise Linux 7qemu-kvmNot affected
Red Hat Enterprise Linux 7qemu-kvm-maNot affected
Red Hat Enterprise Linux 8virt:rhel/qemu-kvmNot affected
Red Hat Enterprise Linux 8 Advanced Virtualizationvirt:av/qemu-kvmNot affected
Red Hat Enterprise Linux 9qemu-kvmFixedRHSA-2024:913612.11.2024

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-120
https://bugzilla.redhat.com/show_bug.cgi?id=2264844QEMU: SR-IOV: improper validation of NumVFs leads to buffer overflow

EPSS

Процентиль: 26%
0.00088
Низкий

5.5 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2024-26327

CVSS3: 5.3
ubuntu
больше 1 года назад

An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vfs in hw/pci/pcie_sriov.c mishandles the situation where a guest writes NumVFs greater than TotalVFs, leading to a buffer overflow in VF implementations.

nvd логотип

CVE-2024-26327

CVSS3: 5.3
nvd
больше 1 года назад

An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vfs in hw/pci/pcie_sriov.c mishandles the situation where a guest writes NumVFs greater than TotalVFs, leading to a buffer overflow in VF implementations.

msrc логотип

CVE-2024-26327

CVSS3: 5.3
msrc
25 дней назад

Описание отсутствует

debian логотип

CVE-2024-26327

CVSS3: 5.3
debian
больше 1 года назад

An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vfs in h ...

github логотип

GHSA-7m48-vw34-vw84

CVSS3: 5.3
github
больше 1 года назад

An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vfs in hw/pci/pcie_sriov.c mishandles the situation where a guest writes NumVFs greater than TotalVFs, leading to a buffer overflow in VF implementations.

EPSS

Процентиль: 26%
0.00088
Низкий

5.5 Medium

CVSS3