
CVE-2024-3447

Qemu: sdhci: heap buffer overflow in sdhci_write_dataport()

Published: 11/14/2024 Last updated: 5/12/2026 Reserved: 4/8/2024

A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. The bug is triggered when both `s->data_count` and the size of `s->fifo_buffer` are set to 0x200, leading to an out-of-bounds access. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial-of-service condition.

CNA assigner: fedora (92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5) Requested by: n/a

Metrics

| Version | Score | Severity | Vector String |
|---|---|---|---|
| 3.1 | 6 | Medium | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H |

Opam packages affected (2)

conf-qemu-img nbd-tool

Products affected (14)

Product Vendor Version
7.1.1
n/a
Red Hat Enterprise Linux 6 Red Hat 7.6
Red Hat Enterprise Linux 9 Red Hat n/a
Red Hat Enterprise Linux 9 Red Hat 2010 Service Pack 2
Red Hat Enterprise Linux 6 Red Hat n/a
Red Hat Enterprise Linux 7 Red Hat n/a
Red Hat Enterprise Linux 7 Red Hat n/a
Red Hat Enterprise Linux 7 Red Hat n/a
Red Hat Enterprise Linux 7 Red Hat 2.3, 2.3(2)
Red Hat Enterprise Linux 8 Advanced Virtualization Red Hat n/a
Red Hat Enterprise Linux 8 Advanced Virtualization Red Hat n/a
Red Hat Enterprise Linux 8 Red Hat n/a
Red Hat Enterprise Linux 8 Red Hat n/a
