CVE-2024-8354

Published: Sep 19, 2024Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD (Secondary)

Description

A flaw was found in QEMU. An assertion failure was present in the usb_ep_get() function in hw/net/core.c when trying to get the USB endpoint from a USB device. This flaw may allow a malicious unprivileged guest user to crash the QEMU process on the host and cause a denial of service condition.

Affected (6)

Products: Qemu: Qemu · Redhat: Enterprise Linux

1 product

1 product

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Qemu Qemu	All versions
Redhat Enterprise Linux	Version 6.0
Redhat Enterprise Linux	Version 7.0
Redhat Enterprise Linux	Version 8.0
Redhat Enterprise Linux	Version 8.0
Redhat Enterprise Linux	Version 9.0

Related CWEs

CWE-617

Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

References (3)

https://access.redhat.com/security/cve/CVE-2024-8354

Source: secalert@redhat.com

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2313497

Source: secalert@redhat.com

Issue Tracking

https://security.netapp.com/advisory/ntap-20241011-0008/

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.