CVE-2024-3447

{"id": "CVE-2024-3447", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "patrick@puiterwijk.org", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.0, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 4.0, "exploitabilityScore": 1.5}]}, "published": "2024-11-14T12:15:17.743", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2024-3447", "tags": ["Third Party Advisory"], "source": "patrick@puiterwijk.org"}, {"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=58813", "tags": ["Exploit", "Issue Tracking"], "source": "patrick@puiterwijk.org"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274123", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "patrick@puiterwijk.org"}, {"url": "https://patchew.org/QEMU/20240404085549.16987-1-philmd@linaro.org/", "tags": ["Broken Link"], "source": "patrick@puiterwijk.org"}, {"url": "https://security.netapp.com/advisory/ntap-20250425-0005/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "patrick@puiterwijk.org", "description": [{"lang": "en", "value": "CWE-122"}]}], "descriptions": [{"lang": "en", "value": "A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. The bug is triggered when both `s->data_count` and the size of `s->fifo_buffer` are set to 0x200, leading to an out-of-bound access. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition."}, {"lang": "es", "value": "Se encontr\u00f3 un desbordamiento de b\u00fafer basado en mont\u00f3n en la emulaci\u00f3n de dispositivo SDHCI de QEMU. El error se activa cuando tanto `s->data_count` como el tama\u00f1o de `s->fifo_buffer` se establecen en 0x200, lo que genera un acceso fuera de los l\u00edmites. Un invitado malintencionado podr\u00eda usar esta falla para bloquear el proceso QEMU en el host, lo que genera una condici\u00f3n de denegaci\u00f3n de servicio."}], "lastModified": "2025-08-05T18:33:57.270", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0EAD89F2-2AEA-4655-B072-E12C2AD69711", "versionEndExcluding": "7.2.11"}, {"criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "59D5C13B-B7C8-4057-94E6-D5B29B0C745B", "versionEndExcluding": "8.2.3", "versionStartIncluding": "8.0.0"}, {"criteria": "cpe:2.3:a:qemu:qemu:9.0.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "53B020E1-1339-4E3B-8CC3-7108309DF2F1"}, {"criteria": "cpe:2.3:a:qemu:qemu:9.0.0:rc0:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5E7620C7-95CD-4451-A485-69CF3752627B"}, {"criteria": "cpe:2.3:a:qemu:qemu:9.0.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F8EBBE5A-0A6F-4F35-AA50-CA81B15F6BDC"}, {"criteria": "cpe:2.3:a:qemu:qemu:9.0.0:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "45846E0D-C683-4DAF-AE17-32CD8EB283F3"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netapp:hci_compute_node:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4AFE5CAF-ACA7-4F82-BEC1-69562D75E66E"}], "operator": "OR"}]}], "sourceIdentifier": "patrick@puiterwijk.org"}