CVE-2024-8354

Опубликовано: 30 авг. 2024

Источник: redhat

CVSS3: 5.5

EPSS Низкий

Описание

A flaw was found in QEMU. An assertion failure was present in the usb_ep_get() function in hw/net/core.c when trying to get the USB endpoint from a USB device. This flaw may allow a malicious unprivileged guest user to crash the QEMU process on the host and cause a denial of service condition.

Отчет

This CVE is rated as Low because unprivileged users are not able to craft USB Request Blocks (URBs). While they may be able to reach the assertion in usb_ep_get(), the vulnerability is considered unlikely to be exploited under normal circumstances.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 10	qemu-kvm	Fix deferred
Red Hat Enterprise Linux 6	qemu-kvm	Out of support scope
Red Hat Enterprise Linux 7	qemu-kvm	Out of support scope
Red Hat Enterprise Linux 7	qemu-kvm-ma	Out of support scope
Red Hat Enterprise Linux 8	virt:rhel/qemu-kvm	Fix deferred
Red Hat Enterprise Linux 8 Advanced Virtualization	virt:av/qemu-kvm	Fix deferred
Red Hat Enterprise Linux 9	qemu-kvm	Fix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-617

https://bugzilla.redhat.com/show_bug.cgi?id=2313497qemu-kvm: usb: assertion failure in usb_ep_get()

EPSS

Процентиль: 0%

0.00005

Низкий

5.5 Medium

CVSS3

Связанные уязвимости

CVE-2024-8354

CVSS3: 5.5

ubuntu

11 месяцев назад

CVE-2024-8354

CVSS3: 5.5

nvd

11 месяцев назад

CVE-2024-8354

CVSS3: 5.5

debian

11 месяцев назад

A flaw was found in QEMU. An assertion failure was present in the usb_ ...

GHSA-xx3p-5m4j-rhw8

CVSS3: 4.7

github

11 месяцев назад

BDU:2024-08773

CVSS3: 5.5

fstec

12 месяцев назад

Уязвимость функции usb_ep_get() (hw/net/core.c) эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 0%

0.00005

Низкий

5.5 Medium

CVSS3