
CVE-2024-3447

Qemu: sdhci: heap buffer overflow in sdhci_write_dataport()

Published: 11/14/2024 Last updated: 11/3/2025 Reserved: 4/8/2024

A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. The bug is triggered when both `s->data_count` and the size of `s->fifo_buffer` are set to 0x200, leading to an out-of-bounds access. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial-of-service condition.

CNA assigner: fedora (92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5) Requested by: n/a

Metrics

| Version | Score | Severity | Vector String |
|---|---|---|---|
| 3.1 | 6 | Medium | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H |

Opam packages affected (2)

conf-qemu-img nbd-tool

Products affected (13)

| Product | Vendor | Version |
|---|---|---|
| | | < 10.0.14393.7070 |
| | | <= 6.0.11 |
| Red Hat Enterprise Linux 6 | Red Hat | < 10.0.14393.7070 |
| Red Hat Enterprise Linux 9 | Red Hat | <= 5.4.3 |
| Red Hat Enterprise Linux 6 | Red Hat | <= 7.2.2 |
| Red Hat Enterprise Linux 7 | Red Hat | <= 7.0.3 |
| Red Hat Enterprise Linux 7 | Red Hat | < 6.2.9200.24919 |
| Red Hat Enterprise Linux 7 | Red Hat | < 6.2.9200.24919 |
| Red Hat Enterprise Linux 7 | Red Hat | <= 6.4.4 |
| Red Hat Enterprise Linux 8 Advanced Virtualization | Red Hat | <= 5.5.1 |
| Red Hat Enterprise Linux 8 Advanced Virtualization | Red Hat | < 6.3.9600.22023 |
| Red Hat Enterprise Linux 8 | Red Hat | <= 6.4.1 |
| Red Hat Enterprise Linux 8 | Red Hat | < 6.3.9600.22023 |
