Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2024-8354

Опубликовано: 30 авг. 2024
Источник: redhat
CVSS3: 5.5

Описание

A flaw was found in QEMU. An assertion failure was present in the usb_ep_get() function in hw/net/core.c when trying to get the USB endpoint from a USB device. This flaw may allow a malicious unprivileged guest user to crash the QEMU process on the host and cause a denial of service condition.

Отчет

This CVE is rated as Low because unprivileged users are not able to craft USB Request Blocks (URBs). While they may be able to reach the assertion in usb_ep_get(), the vulnerability is considered unlikely to be exploited under normal circumstances.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 10qemu-kvmFix deferred
Red Hat Enterprise Linux 6qemu-kvmOut of support scope
Red Hat Enterprise Linux 7qemu-kvmOut of support scope
Red Hat Enterprise Linux 7qemu-kvm-maOut of support scope
Red Hat Enterprise Linux 8virt:rhel/qemu-kvmFix deferred
Red Hat Enterprise Linux 8 Advanced Virtualizationvirt:av/qemu-kvmFix deferred
Red Hat Enterprise Linux 9qemu-kvmFix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-617
https://bugzilla.redhat.com/show_bug.cgi?id=2313497qemu-kvm: usb: assertion failure in usb_ep_get()

5.5 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2024-8354

CVSS3: 5.5
ubuntu
больше 1 года назад

A flaw was found in QEMU. An assertion failure was present in the usb_ep_get() function in hw/net/core.c when trying to get the USB endpoint from a USB device. This flaw may allow a malicious unprivileged guest user to crash the QEMU process on the host and cause a denial of service condition.

nvd логотип

CVE-2024-8354

CVSS3: 5.5
nvd
больше 1 года назад

A flaw was found in QEMU. An assertion failure was present in the usb_ep_get() function in hw/net/core.c when trying to get the USB endpoint from a USB device. This flaw may allow a malicious unprivileged guest user to crash the QEMU process on the host and cause a denial of service condition.

msrc логотип

CVE-2024-8354

msrc
4 месяца назад

Qemu-kvm: usb: assertion failure in usb_ep_get()

debian логотип

CVE-2024-8354

CVSS3: 5.5
debian
больше 1 года назад

A flaw was found in QEMU. An assertion failure was present in the usb_ ...

github логотип

GHSA-xx3p-5m4j-rhw8

CVSS3: 4.7
github
больше 1 года назад

A flaw was found in QEMU. An assertion failure was present in the usb_ep_get() function in hw/net/core.c when trying to get the USB endpoint from a USB device. This flaw may allow a malicious unprivileged guest user to crash the QEMU process on the host and cause a denial of service condition.

5.5 Medium

CVSS3