PT-2024-3058 · Qemu+5

Mark Cave-Ayland · Published 2024-02-20 · Updated 2025-06-25 · CVE-2024-24474

CVSS v3.1: 8.8 High
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: QEMU versions prior to 8.2.0
Description: QEMU before 8.2.0 has an integer underflow, and a resultant heap-based buffer overflow, in the emulated ESP (NCR53C9x family) SCSI controller. When the guest issues a TI (Transfer Information) command in non-DMA mode while the controller FIFO holds more bytes than the SCSI layer still expects for the current transfer (async_len), esp_do_nodma() in hw/scsi/esp.c copies the entire FIFO contents into async_buf and then subtracts the copied length from async_len. The copy runs past the end of the buffer the SCSI layer provided, and async_len wraps below zero. An attacker only needs to be able to program the emulated controller's registers from inside a guest; the immediate effect is a crash of the QEMU process hosting that guest (denial of service), and because the write lands past a heap buffer the vector above rates confidentiality, integrity and availability impact as High rather than treating it as a pure crash.
Recommendations: Update QEMU to version 8.2.0 or later, or to a distribution package that carries the backported fix (see the advisories listed under Related Identifiers). The bug is reachable only through the emulated ESP controller, so until the update is applied, avoid exposing that controller to untrusted guests: do not attach the am53c974 or dc390 PCI SCSI devices, and treat machine types that have the controller built in (the sun4m SPARC boards and the m68k q800) as exposed. There is no runtime setting that disables the affected code path inside esp_do_nodma(); only a patched binary removes it.
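The following is an added illustration of the mechanism in the description, not code from QEMU or from the page's author. It models the non-DMA "to device" copy with a toy FIFO and a toy ESP state whose field names (fifo, async_buf, async_len, ti_size, ESP_FIFO_SZ) mirror hw/scsi/esp.c; struct toy_esp, toy_fifo_pop_buf(), run_ti_transfer() and the 0xAA canary are stand-ins chosen for this example. The vulnerable form clamps the copy length only to the FIFO size, as the description states; the hardened form also clamps it to async_len, which is the shape of the 8.2.0 fix. The SCSI buffer is placed inside a larger backing array so the overrun is observable without corrupting real memory.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ESP_FIFO_SZ 16
#define MIN(a, b) ((a) < (b) ? (a) : (b))

struct toy_fifo {
    uint8_t data[ESP_FIFO_SZ];
    uint32_t num;               /* bytes currently queued */
};

/* Pop up to len bytes from the head of the FIFO into dst; returns the count. */
static uint32_t toy_fifo_pop_buf(struct toy_fifo *f, uint8_t *dst, uint32_t len)
{
    if (len > f->num) len = f->num;
    memcpy(dst, f->data, len);
    memmove(f->data, f->data + len, f->num - len);
    f->num -= len;
    return len;
}

struct toy_esp {
    struct toy_fifo fifo;
    uint8_t *async_buf;         /* buffer handed over by the SCSI layer */
    int32_t async_len;          /* bytes the SCSI layer still expects */
    int32_t ti_size;
};

/* Pre-8.2.0 shape (modelled): length clamped to the FIFO size only, so more
 * queued bytes than async_len overrun async_buf and drive async_len negative. */
static void nodma_to_device_vulnerable(struct toy_esp *s)
{
    uint32_t len = MIN(s->fifo.num, ESP_FIFO_SZ);
    toy_fifo_pop_buf(&s->fifo, s->async_buf, len);
    s->async_buf += len;
    s->async_len -= (int32_t)len;   /* underflows when len > async_len */
    s->ti_size += (int32_t)len;
}

/* Hardened form: never move more than the SCSI layer can still accept;
 * surplus bytes stay queued in the FIFO for the next transfer. */
static void nodma_to_device_fixed(struct toy_esp *s)
{
    if (s->async_len <= 0) return;  /* nothing outstanding */
    uint32_t len = MIN((uint32_t)s->async_len, ESP_FIFO_SZ);
    len = MIN(len, s->fifo.num);
    toy_fifo_pop_buf(&s->fifo, s->async_buf, len);
    s->async_buf += len;
    s->async_len -= (int32_t)len;
    s->ti_size += (int32_t)len;
}

struct outcome {
    int32_t async_len;          /* value left after the transfer */
    uint32_t fifo_left;         /* bytes still queued in the FIFO */
    int canary_intact;          /* 0 if bytes past 'expected' were written */
};

/* Run one TI transfer with 'expected' bytes outstanding and 'queued' bytes
 * of constructed guest data in the FIFO (both at most ESP_FIFO_SZ). */
static struct outcome run_ti_transfer(int hardened, uint32_t expected, uint32_t queued)
{
    uint8_t backing[2 * ESP_FIFO_SZ];   /* logical buffer plus canary space */
    struct toy_esp s;
    struct outcome o = { 0, 0, 1 };

    if (expected > ESP_FIFO_SZ || queued > ESP_FIFO_SZ) return o;
    memset(backing, 0xAA, sizeof backing);
    memset(&s, 0, sizeof s);
    for (uint32_t i = 0; i < queued; i++)
        s.fifo.data[i] = (uint8_t)(0x10 + i);   /* constructed payload bytes */
    s.fifo.num = queued;
    s.async_buf = backing;
    s.async_len = (int32_t)expected;

    if (hardened) nodma_to_device_fixed(&s);
    else          nodma_to_device_vulnerable(&s);

    o.async_len = s.async_len;
    o.fifo_left = s.fifo.num;
    for (size_t i = expected; i < sizeof backing; i++)
        if (backing[i] != 0xAA) { o.canary_intact = 0; break; }
    return o;
}

int main(void)
{
    struct outcome v = run_ti_transfer(0, 4, 16);   /* 4 expected, 16 queued */
    struct outcome f = run_ti_transfer(1, 4, 16);
    printf("vulnerable: async_len=%d fifo_left=%u canary_intact=%d\n",
           v.async_len, v.fifo_left, v.canary_intact);
    printf("fixed:      async_len=%d fifo_left=%u canary_intact=%d\n",
           f.async_len, f.fifo_left, f.canary_intact);
    return 0;
}
```

With 4 bytes expected and a full 16-byte FIFO, the vulnerable path writes 12 bytes past the logical buffer and leaves async_len at -12; the hardened path copies 4 bytes, leaves 12 queued, and touches nothing past the buffer. When the FIFO holds fewer bytes than expected, both paths behave identically, which is why the bug only surfaces for the "expected length less than available FIFO data" condition named in the description.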

Fix

Weakness Enumeration

Integer Underflow
Heap-Based Buffer Overflow
Buffer Overflow

Related Identifiers

AZL-47784
BDU:2024-03245
CVE-2024-24474
MGASA-2024-0387
OESA-2024-1420
OESA-2024-1421
OESA-2024-1422
OESA-2024-1491
OPENSUSE-SU-2024_1103-1
OPENSUSE-SU-2024_1394-1
SUSE-SU-2024:1103-1
SUSE-SU-2024:1394-1
USN-6954-1

Affected Products

Astra Linux
Linuxmint
Qemu
Red Os
Suse
Ubuntu