PT-2024-7400 · Qemu+5 · Qemu+5

Antoine Assier De Pompignan

Published

2024-08-30

Updated

2026-06-09

CVE-2024-8354

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: QEMU (affected versions not specified)

Description: A flaw was found in QEMU, related to an assertion failure in the usb ep get() function in hw/net/core.c when trying to get the USB endpoint from a USB device. This issue may allow a malicious unprivileged guest user to crash the QEMU process on the host and cause a denial of service condition.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Assertion Failure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-617

Related Identifiers

AZL-60064

AZL-60778

BDU:2024-08773

CVE-2024-8354

ECHO-5789-A454-B554

MGASA-2024-0387

OESA-2025-2597

OESA-2025-2598

OESA-2025-2599

OESA-2025-2600

OESA-2025-2757

OESA-2025-2758

OPENSUSE-SU-2024_3948-1

OPENSUSE-SU-2024_4094-1

OPENSUSE-SU-2024_4304-1

SUSE-SU-2024:3744-1

SUSE-SU-2024:3948-1

SUSE-SU-2024:4094-1

SUSE-SU-2024:4304-1

SUSE-SU-2025:20076-1

USN-7744-1

USN-8073-1

USN-8412-1

Affected Products

Debian

Linuxmint

Qemu

Red Os

Suse

Ubuntu

PT-2024-7400 · Qemu+5 · Qemu+5

CVE-2024-8354

Weakness Enumeration

Related Identifiers

Affected Products

References · 123