CVE-2024-3447

A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. The bug is triggered when both `s->data_count` and the size of `s->fifo_buffer` are set to 0x200, leading to an out-of-bound access. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.

CVSS v3 6.0 MEDIUM

6.0^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.5 / Impact : 4.0

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://access.redhat.com/security/cve/CVE-2024-3447
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=58813
https://bugzilla.redhat.com/show_bug.cgi?id=2274123
https://patchew.org/QEMU/20240404085549.16987-1-philmd@linaro.org/

Configurations

No configuration.

History

15 Nov 2024, 13:58

Type	Values Removed	Values Added
Summary		(es) Se encontró un desbordamiento de búfer basado en montón en la emulación de dispositivo SDHCI de QEMU. El error se activa cuando tanto `s->data_count` como el tamaño de `s->fifo_buffer` se establecen en 0x200, lo que genera un acceso fuera de los límites. Un invitado malintencionado podría usar esta falla para bloquear el proceso QEMU en el host, lo que genera una condición de denegación de servicio.

14 Nov 2024, 12:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-11-14 12:15

Updated : 2024-11-15 13:58

NVD link : CVE-2024-3447

Mitre link : CVE-2024-3447

CVE.ORG link : CVE-2024-3447

JSON object : View

Products Affected

No product.

CWE

CWE-122

Heap-based Buffer Overflow

6.0 /10