
CVE-2024-3447

Qemu: sdhci: heap buffer overflow in sdhci_write_dataport()

Published: 11/14/2024 Last updated: 11/3/2025 Reserved: 4/8/2024

A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. The bug is triggered when both `s->data_count` and the size of `s->fifo_buffer` are set to 0x200, leading to an out-of-bounds access. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.

CNA assigner: fedora (92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5) Requested by: n/a

Metrics

| Version | Score | Severity | Vector String |
|---|---|---|---|
| 3.1 | 6 | Medium | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H |

Opam packages affected (2)

- conf-qemu-img
- nbd-tool

Products affected (14)

| Product | Vendor | Version |
|---|---|---|
| | | < 62accf6c1d7b433752cb3591bba8967b7a801ad5 |
| | | < 1.0.39 |
| Red Hat Enterprise Linux 6 | Red Hat | n/a |
| Red Hat Enterprise Linux 9 | Red Hat | n/a |
| Red Hat Enterprise Linux 9 | Red Hat | n/a |
| Red Hat Enterprise Linux 6 | Red Hat | n/a |
| Red Hat Enterprise Linux 7 | Red Hat | n/a |
| Red Hat Enterprise Linux 7 | Red Hat | <= 6.0.12 |
| Red Hat Enterprise Linux 7 | Red Hat | < 844fc023e9f14a4fb1de5ae1eaefafd6d69c5fa1 |
| Red Hat Enterprise Linux 7 | Red Hat | < publication |
| Red Hat Enterprise Linux 8 Advanced Virtualization | Red Hat | < f6add0a6f78dc6360b822ca4b6f9f2f14174c8ca |
| Red Hat Enterprise Linux 8 Advanced Virtualization | Red Hat | n/a |
| Red Hat Enterprise Linux 8 | Red Hat | n/a |
| Red Hat Enterprise Linux 8 | Red Hat | n/a |

References (12)

Credits (2)