CVE-2024-3447

MEDIUM

QEMU - Heap-based Buffer Overflow in SDHCI Device Emulation

Title source: llm

Description

A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. The bug is triggered when both `s->data_count` and the size of `s->fifo_buffer` are set to 0x200, leading to an out-of-bound access. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.

References (7)

Core 7

Core References

Mailing List

https://lists.debian.org/debian-lts-announce/2025/04/msg00042.html

Vendor Advisory

https://security.netapp.com/advisory/ntap-20250425-0005/

Third Party Advisory vdb-entry x_refsource_redhat

https://access.redhat.com/security/cve/CVE-2024-3447

Exploit, Issue Tracking

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=58813

Issue Tracking, Third Party Advisory issue-tracking x_refsource_redhat

https://bugzilla.redhat.com/show_bug.cgi?id=2274123

Broken Link

https://patchew.org/QEMU/[email protected]/

Vendor Advisory

https://cert-portal.siemens.com/productcert/html/ssa-577017.html

Scores

CVSS v3 6.0

EPSS 0.0055

EPSS Percentile 41.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-122

Status published

Products (8)

netapp/hci_compute_node

qemu/qemu 9.0.0 (4 CPE variants)

qemu/qemu < 7.2.11

Red Hat/Red Hat Enterprise Linux 6

Red Hat/Red Hat Enterprise Linux 7

Red Hat/Red Hat Enterprise Linux 8

Red Hat/Red Hat Enterprise Linux 8 Advanced Virtualization

Red Hat/Red Hat Enterprise Linux 9

Published Nov 14, 2024

Tracked Since Feb 18, 2026