8.8

CVE-2024-24474

Exploit
QEMU before 8.2.0 has an integer underflow, and resultant buffer overflow, via a TI command when an expected non-DMA transfer length is less than the length of the available FIFO data. This occurs in esp_do_nodma in hw/scsi/esp.c because of an underflow of async_len.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
QemuQemu Update- Version < 8.2.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.4% 0.689
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.

CWE-191 Integer Underflow (Wrap or Wraparound)

The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

https://gist.github.com/1047524396/5ce07b9d387095c276b1cd234ae5615e
Third Party Advisory
https://github.com/qemu/qemu/commit/77668e4b9bca03a856c27ba899a2513ddf52bb52
Patch
https://gitlab.com/qemu-project/qemu/-/issues/1810
Vendor Advisory
Exploit
Issue Tracking
https://security.netapp.com/advisory/ntap-20240510-0012/
Third Party Advisory