Количество 12
Количество 12
CVE-2024-8612
A flaw was found in QEMU, in the virtio-scsi, virtio-blk, and virtio-crypto devices. The size for virtqueue_push as set in virtio_scsi_complete_req / virtio_blk_req_complete / virito_crypto_req_complete could be larger than the true size of the data which has been sent to guest. Once virtqueue_push() finally calls dma_memory_unmap to ummap the in_iov, it may call the address_space_write function to write back the data. Some uninitialized data may exist in the bounce.buffer, leading to an information leak.
CVE-2024-8612
A flaw was found in QEMU, in the virtio-scsi, virtio-blk, and virtio-crypto devices. The size for virtqueue_push as set in virtio_scsi_complete_req / virtio_blk_req_complete / virito_crypto_req_complete could be larger than the true size of the data which has been sent to guest. Once virtqueue_push() finally calls dma_memory_unmap to ummap the in_iov, it may call the address_space_write function to write back the data. Some uninitialized data may exist in the bounce.buffer, leading to an information leak.
CVE-2024-8612
A flaw was found in QEMU, in the virtio-scsi, virtio-blk, and virtio-crypto devices. The size for virtqueue_push as set in virtio_scsi_complete_req / virtio_blk_req_complete / virito_crypto_req_complete could be larger than the true size of the data which has been sent to guest. Once virtqueue_push() finally calls dma_memory_unmap to ummap the in_iov, it may call the address_space_write function to write back the data. Some uninitialized data may exist in the bounce.buffer, leading to an information leak.
CVE-2024-8612
Qemu-kvm: information leak in virtio devices
CVE-2024-8612
A flaw was found in QEMU, in the virtio-scsi, virtio-blk, and virtio-c ...
GHSA-whq8-5442-qhw7
A flaw was found in QEMU, in the virtio-scsi, virtio-blk, and virtio-crypto devices. The size for virtqueue_push as set in virtio_scsi_complete_req / virtio_blk_req_complete / virito_crypto_req_complete could be larger than the true size of the data which has been sent to guest. Once virtqueue_push() finally calls dma_memory_unmap to ummap the in_iov, it may call the address_space_write function to write back the data. Some uninitialized data may exist in the bounce.buffer, leading to an information leak.
BDU:2025-06254
Уязвимость компонентов virtio-scsi, virtio-blk, virtio-crypt функции virtqueue_push() эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю раскрыть защищаемую информацию
SUSE-SU-2025:0692-1
Security update for qemu
SUSE-SU-2024:4304-1
Security update for qemu
SUSE-SU-2024:3948-1
Security update for qemu
SUSE-SU-2024:4094-1
Security update for qemu
SUSE-SU-2024:3744-1
Security update for qemu
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-8612 A flaw was found in QEMU, in the virtio-scsi, virtio-blk, and virtio-crypto devices. The size for virtqueue_push as set in virtio_scsi_complete_req / virtio_blk_req_complete / virito_crypto_req_complete could be larger than the true size of the data which has been sent to guest. Once virtqueue_push() finally calls dma_memory_unmap to ummap the in_iov, it may call the address_space_write function to write back the data. Some uninitialized data may exist in the bounce.buffer, leading to an information leak. | CVSS3: 3.8 | 0% Низкий | около 1 года назад |
 | CVE-2024-8612 A flaw was found in QEMU, in the virtio-scsi, virtio-blk, and virtio-crypto devices. The size for virtqueue_push as set in virtio_scsi_complete_req / virtio_blk_req_complete / virito_crypto_req_complete could be larger than the true size of the data which has been sent to guest. Once virtqueue_push() finally calls dma_memory_unmap to ummap the in_iov, it may call the address_space_write function to write back the data. Some uninitialized data may exist in the bounce.buffer, leading to an information leak. | CVSS3: 3.8 | 0% Низкий | около 1 года назад |
 | CVE-2024-8612 A flaw was found in QEMU, in the virtio-scsi, virtio-blk, and virtio-crypto devices. The size for virtqueue_push as set in virtio_scsi_complete_req / virtio_blk_req_complete / virito_crypto_req_complete could be larger than the true size of the data which has been sent to guest. Once virtqueue_push() finally calls dma_memory_unmap to ummap the in_iov, it may call the address_space_write function to write back the data. Some uninitialized data may exist in the bounce.buffer, leading to an information leak. | CVSS3: 3.8 | 0% Низкий | около 1 года назад |
 | CVE-2024-8612 Qemu-kvm: information leak in virtio devices | 0% Низкий | 3 месяца назад | |
| CVE-2024-8612 A flaw was found in QEMU, in the virtio-scsi, virtio-blk, and virtio-c ... | CVSS3: 3.8 | 0% Низкий | около 1 года назад |
| GHSA-whq8-5442-qhw7 A flaw was found in QEMU, in the virtio-scsi, virtio-blk, and virtio-crypto devices. The size for virtqueue_push as set in virtio_scsi_complete_req / virtio_blk_req_complete / virito_crypto_req_complete could be larger than the true size of the data which has been sent to guest. Once virtqueue_push() finally calls dma_memory_unmap to ummap the in_iov, it may call the address_space_write function to write back the data. Some uninitialized data may exist in the bounce.buffer, leading to an information leak. | CVSS3: 3.8 | 0% Низкий | около 1 года назад |
 | BDU:2025-06254 Уязвимость компонентов virtio-scsi, virtio-blk, virtio-crypt функции virtqueue_push() эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю раскрыть защищаемую информацию | CVSS3: 3.8 | 0% Низкий | около 1 года назад |
 | SUSE-SU-2025:0692-1 Security update for qemu | 9 месяцев назад | ||
| SUSE-SU-2024:4304-1 Security update for qemu | 11 месяцев назад | ||
| SUSE-SU-2024:3948-1 Security update for qemu | около 1 года назад | ||
| SUSE-SU-2024:4094-1 Security update for qemu | 12 месяцев назад | ||
| SUSE-SU-2024:3744-1 Security update for qemu | около 1 года назад |
Уязвимостей на страницу