CVE Alert: CVE-2024-8612
Vulnerability Summary: CVE-2024-8612
A flaw was found in QEMU, in the virtio-scsi, virtio-blk, and virtio-crypto devices. The size for virtqueue_push as set in virtio_scsi_complete_req / virtio_blk_req_complete / virito_crypto_req_complete could be larger than the true size of the data which has been sent to guest. Once virtqueue_push() finally calls dma_memory_unmap to ummap the in_iov, it may call the address_space_write function to write back the data. Some uninitialized data may exist in the bounce.buffer, leading to an information leak.
Affected Endpoints:
No affected endpoints listed.
Published Date:
9/20/2024, 6:15:04 PM
❄️ CVSS Score:
Exploit Status:
Not ExploitedReferences:
- https://access.redhat.com/security/cve/CVE-2024-8612
- https://bugzilla.redhat.com/show_bug.cgi?id=2313760
Recommended Action:
No proposed action available. Please refer to vendor documentation for updates.
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below
To keep up to date follow us on the below channels.