CVE-2024-8612

EUVD-2024-49297

20.09.2024, 18:15

A flaw was found in QEMU, in the virtio-scsi, virtio-blk, and virtio-crypto devices. The size for virtqueue_push as set in virtio_scsi_complete_req / virtio_blk_req_complete / virito_crypto_req_complete could be larger than the true size of the data which has been sent to guest. Once virtqueue_push() finally calls dma_memory_unmap to ummap the in_iov, it may call the address_space_write function to write back the data. Some uninitialized data may exist in the bounce.buffer, leading to an information leak.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	3.8 LOW	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
redhat	CNA	3.8 LOW	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 16%

Debian Releases

Debian Product

Codename

qemu

bookworm	no-dsa
bookworm (security)	vulnerable
bullseye	postponed
bullseye (security)	vulnerable
forky	vulnerable
sid	vulnerable
trixie	no-dsa
trixie (security)	vulnerable

Ubuntu Releases

Ubuntu Product

Codename

qemu

bionic	deferred
focal	deferred
jammy	deferred
noble	deferred
oracular	ignored
plucky	deferred
questing	deferred
trusty	deferred
xenial	deferred

Common Weakness Enumeration

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References

https://access.redhat.com/security/cve/CVE-2024-8612

https://bugzilla.redhat.com/show_bug.cgi?id=2313760

https://gitlab.com/qemu-project/qemu/-/commit/637b0aa139565cb82a7b9269e62214f87082635c

https://security.netapp.com/advisory/ntap-20241108-0006/