CVE-2024-8612

CVSS v3.1

3.8

Low

Vector

AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions: QEMU (affected versions not specified)

Description: A flaw was found in QEMU, in the virtio-scsi, virtio-blk, and virtio-crypto devices. The size for virtqueue push as set in virtio scsi complete req, virtio blk req complete, and virtio crypto req complete could be larger than the true size of the data sent to the guest. This may lead to an information leak due to uninitialized data in the bounce.buffer. Attackers may crash the system or execute code.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

AZL-60151

AZL-60910

BDU:2025-06254

CVE-2024-8612

MGASA-2024-0387

OESA-2024-2267

OPENSUSE-SU-2024:14411-1

OPENSUSE-SU-2024_3948-1

OPENSUSE-SU-2024_4094-1

OPENSUSE-SU-2024_4304-1

OPENSUSE-SU-2025_0692-1

SUSE-SU-2024:3744-1

SUSE-SU-2024:3948-1

SUSE-SU-2024:4094-1

SUSE-SU-2024:4304-1

SUSE-SU-2025:0692-1

SUSE-SU-2025:20076-1

Affected Products

Debian

Qemu

Suse

CVE-2024-8612

Weakness Enumeration

Related Identifiers

Affected Products

References · 61