CVE-2024-3567

Qemu-kvm: net: assertion failure in update_sctp_checksum()

Published: 4/10/2024 Last updated: 11/8/2025 Reserved: 4/10/2024

A flaw was found in QEMU. An assertion failure was present in the update_sctp_checksum() function in hw/net/net_tx_pkt.c when trying to calculate the checksum of a short-sized fragmented packet. This flaw allows a malicious guest to crash QEMU and cause a denial of service condition.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

| Version | Score | Severity | Vector String |
|---|---|---|---|
| 3.1 | 5.5 | Medium | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |

Opam packages affected (2)

conf-qemu-img nbd-tool

Products affected (7)

| Product | Vendor | Version |
|---|---|---|
| | | < a8c988d752b3d98d5cc1e3929c519a55ef55426c |
| Red Hat Enterprise Linux 9 | Red Hat | < 262e942ff5a839b9e4f3302a8987928b0c8b8a2d |
| Red Hat Enterprise Linux 6 | Red Hat | < 8aa11aa001576bf3b00dcb8559564ad7a3113588 |
| Red Hat Enterprise Linux 7 | Red Hat | < 3ad0034910a57aa88ed9976b1431b7b8c84e0048 |
| Red Hat Enterprise Linux 7 | Red Hat | < aa6107dcc4ce9a3451f2d729204713783b657257 |
| Red Hat Enterprise Linux 8 Advanced Virtualization | Red Hat | 2.6.19 |
| Red Hat Enterprise Linux 8 | Red Hat | < ff2e185cf73df480ec69675936c4ee75a445c3e4 |

References (16)