Qemu · Qemu · CVE-2024-8612
Name of the Vulnerable Software and Affected Versions:
QEMU (affected versions not specified)
Description:
A flaw was found in QEMU, in the virtio-scsi, virtio-blk, and virtio-crypto devices. The size for `virtqueue push` as set in `virtio scsi complete req`, `virtio blk req complete`, and `virtio crypto req complete` could be larger than the true size of the data sent to the guest. This may lead to an information leak due to uninitialized data in the `bounce.buffer`. Attackers may crash the system or execute code.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.