CVE-2024-3447

{"id": "CVE-2024-3447", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.0, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 4.0, "exploitabilityScore": 1.5}]}, "published": "2024-11-14T12:15:17.743", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2024-3447", "tags": ["Third Party Advisory"], "source": "[email protected]"}, {"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=58813", "tags": ["Exploit", "Issue Tracking"], "source": "[email protected]"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274123", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "[email protected]"}, {"url": "https://patchew.org/QEMU/[email protected]/", "tags": ["Broken Link"], "source": "[email protected]"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00042.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.netapp.com/advisory/ntap-20250425-0005/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-122"}]}], "descriptions": [{"lang": "en", "value": "A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. The bug is triggered when both `s->data_count` and the size of `s->fifo_buffer` are set to 0x200, leading to an out-of-bound access. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition."}, {"lang": "es", "value": "Se encontr\u00f3 un desbordamiento de b\u00fafer basado en mont\u00f3n en la emulaci\u00f3n de dispositivo SDHCI de QEMU. El error se activa cuando tanto `s->data_count` como el tama\u00f1o de `s->fifo_buffer` se establecen en 0x200, lo que genera un acceso fuera de los l\u00edmites. Un invitado malintencionado podr\u00eda usar esta falla para bloquear el proceso QEMU en el host, lo que genera una condici\u00f3n de denegaci\u00f3n de servicio."}], "lastModified": "2025-11-03T20:16:26.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0EAD89F2-2AEA-4655-B072-E12C2AD69711", "versionEndExcluding": "7.2.11"}, {"criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "59D5C13B-B7C8-4057-94E6-D5B29B0C745B", "versionEndExcluding": "8.2.3", "versionStartIncluding": "8.0.0"}, {"criteria": "cpe:2.3:a:qemu:qemu:9.0.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "53B020E1-1339-4E3B-8CC3-7108309DF2F1"}, {"criteria": "cpe:2.3:a:qemu:qemu:9.0.0:rc0:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5E7620C7-95CD-4451-A485-69CF3752627B"}, {"criteria": "cpe:2.3:a:qemu:qemu:9.0.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F8EBBE5A-0A6F-4F35-AA50-CA81B15F6BDC"}, {"criteria": "cpe:2.3:a:qemu:qemu:9.0.0:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "45846E0D-C683-4DAF-AE17-32CD8EB283F3"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netapp:hci_compute_node:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4AFE5CAF-ACA7-4F82-BEC1-69562D75E66E"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}