CVE-2024-3447

Опубликовано: 14 нояб. 2024

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS3: 6

Описание

A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. The bug is triggered when both s->data_count and the size of s->fifo_buffer are set to 0x200, leading to an out-of-bound access. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.

Релиз	Статус	Примечание
devel	released	1:9.0.2+ds-4ubuntu2
esm-infra-legacy/trusty	released	2.0.0+dfsg-2ubuntu1.47+esm6
esm-infra-legacy/xenial	released	1:2.5+dfsg-5ubuntu10.51+esm4
esm-infra/bionic	released	1:2.11+dfsg-1ubuntu7.42+esm5
esm-infra/focal	released	1:4.2-3ubuntu6.30+esm1
esm-infra/xenial	ignored	end of ESM support, was needs-triage
focal	ignored	end of standard support, was needs-triage
jammy	released	1:6.2+dfsg-2ubuntu6.27
mantic	ignored	end of life, was needs-triage
noble	released	1:8.2.2+ds-0ubuntu1.10

Показывать по

Ссылки на источники

EPSS

Процентиль: 42%

0.00552

Низкий

6 Medium

CVSS3

Связанные уязвимости

CVE-2024-3447

CVSS3: 6

redhat

около 2 лет назад

A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. The bug is triggered when both `s->data_count` and the size of `s->fifo_buffer` are set to 0x200, leading to an out-of-bound access. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.

CVE-2024-3447

CVSS3: 6

nvd

больше 1 года назад

CVE-2024-3447

CVSS3: 6

msrc

около 1 года назад

Qemu: sdhci: heap buffer overflow in sdhci_write_dataport()

CVE-2024-3447

CVSS3: 6

debian

больше 1 года назад

A heap-based buffer overflow was found in the SDHCI device emulation o ...

GHSA-mq5w-grf9-5rp9

CVSS3: 6

github

больше 1 года назад

EPSS

Процентиль: 42%

0.00552

Низкий

6 Medium

CVSS3

CVE-2024-3447

Описание

Пакет qemu

Ссылки на источники

Связанные уязвимости