CVE-2024-8612

EUVD-2024-49297

20.09.2024, 18:15

A flaw was found in QEMU, in the virtio-scsi, virtio-blk, and virtio-crypto devices. The size for virtqueue_push as set in virtio_scsi_complete_req / virtio_blk_req_complete / virito_crypto_req_complete could be larger than the true size of the data which has been sent to guest. Once virtqueue_push() finally calls dma_memory_unmap to ummap the in_iov, it may call the address_space_write function to write back the data. Some uninitialized data may exist in the bounce.buffer, leading to an information leak.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	3.8 LOW	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 16%

Debian Releases

Debian Product

Codename

qemu

bookworm	no-dsa
bookworm (security)	vulnerable
bullseye	postponed
bullseye (security)	vulnerable
forky	vulnerable
sid	vulnerable
trixie	no-dsa
trixie (security)	vulnerable

Ubuntu Releases

Ubuntu Product

Codename

qemu

bionic	deferred
focal	deferred
jammy	deferred
noble	deferred
oracular	ignored
plucky	deferred
questing	deferred
trusty	deferred
xenial	deferred

openSUSE / SLES Releases

openSUSE Product

Release

qemu

suse enterprise sap 15 SP5	7.1.0-150500.49.24.1 fixed
suse enterprise sap 15 SP6	8.2.7-150600.3.20.1 fixed
suse enterprise sap 15 SP7	9.2.2-150700.1.4 fixed
suse enterprise server 15 SP3	5.2.0-150300.135.1 fixed
suse enterprise server 15 SP4	6.2.0-150400.37.37.3 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.24.1 fixed
suse enterprise server 15 SP6	8.2.7-150600.3.20.1 fixed
suse enterprise server 15 SP7	9.2.2-150700.1.4 fixed

qemu-SLOF

suse enterprise sap 15 SP5	7.1.0-150500.49.24.1 fixed
suse enterprise sap 15 SP6	8.2.7-150600.3.20.1 fixed
suse enterprise sap 15 SP7	9.2.2-150700.1.4 fixed
suse enterprise server 15 SP3	5.2.0-150300.135.1 fixed
suse enterprise server 15 SP4	6.2.0-150400.37.37.3 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.24.1 fixed
suse enterprise server 15 SP6	8.2.7-150600.3.20.1 fixed
suse enterprise server 15 SP7	9.2.2-150700.1.4 fixed

qemu-accel-tcg-x86

suse enterprise sap 15 SP5	7.1.0-150500.49.24.1 fixed
suse enterprise sap 15 SP6	8.2.7-150600.3.20.1 fixed
suse enterprise sap 15 SP7	9.2.2-150700.1.4 fixed
suse enterprise server 15 SP4	6.2.0-150400.37.37.3 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.24.1 fixed
suse enterprise server 15 SP6	8.2.7-150600.3.20.1 fixed
suse enterprise server 15 SP7	9.2.2-150700.1.4 fixed

qemu-arm

suse enterprise sap 15 SP5	7.1.0-150500.49.24.1 fixed
suse enterprise sap 15 SP6	8.2.7-150600.3.20.1 fixed
suse enterprise sap 15 SP7	9.2.2-150700.1.4 fixed
suse enterprise server 15 SP3	5.2.0-150300.135.1 fixed
suse enterprise server 15 SP4	6.2.0-150400.37.37.3 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.24.1 fixed
suse enterprise server 15 SP6	8.2.7-150600.3.20.1 fixed
suse enterprise server 15 SP7	9.2.2-150700.1.4 fixed

qemu-audio-alsa

suse enterprise sap 15 SP5	7.1.0-150500.49.24.1 fixed
suse enterprise sap 15 SP6	8.2.7-150600.3.20.1 fixed
suse enterprise sap 15 SP7	9.2.2-150700.1.4 fixed
suse enterprise server 15 SP3	5.2.0-150300.135.1 fixed
suse enterprise server 15 SP4	6.2.0-150400.37.37.3 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.24.1 fixed
suse enterprise server 15 SP6	8.2.7-150600.3.20.1 fixed
suse enterprise server 15 SP7	9.2.2-150700.1.4 fixed

qemu-audio-dbus

suse enterprise sap 15 SP5	7.1.0-150500.49.24.1 fixed
suse enterprise sap 15 SP6	8.2.7-150600.3.20.1 fixed
suse enterprise sap 15 SP7	9.2.2-150700.1.4 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.24.1 fixed
suse enterprise server 15 SP6	8.2.7-150600.3.20.1 fixed
suse enterprise server 15 SP7	9.2.2-150700.1.4 fixed

qemu-audio-pa

suse enterprise sap 15 SP5	7.1.0-150500.49.24.1 fixed
suse enterprise sap 15 SP6	8.2.7-150600.3.20.1 fixed
suse enterprise sap 15 SP7	9.2.2-150700.1.4 fixed
suse enterprise server 15 SP3	5.2.0-150300.135.1 fixed
suse enterprise server 15 SP4	6.2.0-150400.37.37.3 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.24.1 fixed
suse enterprise server 15 SP6	8.2.7-150600.3.20.1 fixed
suse enterprise server 15 SP7	9.2.2-150700.1.4 fixed

qemu-audio-pipewire

suse enterprise sap 15 SP6	8.2.7-150600.3.20.1 fixed
suse enterprise sap 15 SP7	9.2.2-150700.1.4 fixed
suse enterprise server 15 SP6	8.2.7-150600.3.20.1 fixed
suse enterprise server 15 SP7	9.2.2-150700.1.4 fixed

qemu-audio-spice

suse enterprise sap 15 SP5	7.1.0-150500.49.24.1 fixed
suse enterprise sap 15 SP6	8.2.7-150600.3.20.1 fixed
suse enterprise sap 15 SP7	9.2.2-150700.1.4 fixed
suse enterprise server 15 SP3	5.2.0-150300.135.1 fixed
suse enterprise server 15 SP4	6.2.0-150400.37.37.3 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.24.1 fixed
suse enterprise server 15 SP6	8.2.7-150600.3.20.1 fixed
suse enterprise server 15 SP7	9.2.2-150700.1.4 fixed

qemu-block-curl

suse enterprise sap 15 SP5	7.1.0-150500.49.24.1 fixed
suse enterprise sap 15 SP6	8.2.7-150600.3.20.1 fixed
suse enterprise sap 15 SP7	9.2.2-150700.1.4 fixed
suse enterprise server 15 SP3	5.2.0-150300.135.1 fixed
suse enterprise server 15 SP4	6.2.0-150400.37.37.3 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.24.1 fixed
suse enterprise server 15 SP6	8.2.7-150600.3.20.1 fixed
suse enterprise server 15 SP7	9.2.2-150700.1.4 fixed

qemu-block-iscsi

suse enterprise sap 15 SP5	7.1.0-150500.49.24.1 fixed
suse enterprise sap 15 SP6	8.2.7-150600.3.20.1 fixed
suse enterprise sap 15 SP7	9.2.2-150700.1.4 fixed
suse enterprise server 15 SP3	5.2.0-150300.135.1 fixed
suse enterprise server 15 SP4	6.2.0-150400.37.37.3 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.24.1 fixed
suse enterprise server 15 SP6	8.2.7-150600.3.20.1 fixed
suse enterprise server 15 SP7	9.2.2-150700.1.4 fixed

qemu-block-nfs

suse enterprise sap 15 SP6	8.2.7-150600.3.20.1 fixed
suse enterprise sap 15 SP7	9.2.2-150700.1.4 fixed
suse enterprise server 15 SP6	8.2.7-150600.3.20.1 fixed
suse enterprise server 15 SP7	9.2.2-150700.1.4 fixed

qemu-block-rbd

suse enterprise sap 15 SP5	7.1.0-150500.49.24.1 fixed
suse enterprise sap 15 SP6	8.2.7-150600.3.20.1 fixed
suse enterprise sap 15 SP7	9.2.2-150700.1.4 fixed
suse enterprise server 15 SP3	5.2.0-150300.135.1 fixed
suse enterprise server 15 SP4	6.2.0-150400.37.37.3 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.24.1 fixed
suse enterprise server 15 SP6	8.2.7-150600.3.20.1 fixed
suse enterprise server 15 SP7	9.2.2-150700.1.4 fixed

qemu-block-ssh

suse enterprise sap 15 SP5	7.1.0-150500.49.24.1 fixed
suse enterprise sap 15 SP6	8.2.7-150600.3.20.1 fixed
suse enterprise sap 15 SP7	9.2.2-150700.1.4 fixed
suse enterprise server 15 SP3	5.2.0-150300.135.1 fixed
suse enterprise server 15 SP4	6.2.0-150400.37.37.3 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.24.1 fixed
suse enterprise server 15 SP6	8.2.7-150600.3.20.1 fixed
suse enterprise server 15 SP7	9.2.2-150700.1.4 fixed

qemu-chardev-baum

suse enterprise sap 15 SP5	7.1.0-150500.49.24.1 fixed
suse enterprise sap 15 SP6	8.2.7-150600.3.20.1 fixed
suse enterprise sap 15 SP7	9.2.2-150700.1.4 fixed
suse enterprise server 15 SP3	5.2.0-150300.135.1 fixed
suse enterprise server 15 SP4	6.2.0-150400.37.37.3 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.24.1 fixed
suse enterprise server 15 SP6	8.2.7-150600.3.20.1 fixed
suse enterprise server 15 SP7	9.2.2-150700.1.4 fixed

qemu-chardev-spice

suse enterprise sap 15 SP5	7.1.0-150500.49.24.1 fixed
suse enterprise sap 15 SP6	8.2.7-150600.3.20.1 fixed
suse enterprise sap 15 SP7	9.2.2-150700.1.4 fixed
suse enterprise server 15 SP3	5.2.0-150300.135.1 fixed
suse enterprise server 15 SP4	6.2.0-150400.37.37.3 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.24.1 fixed
suse enterprise server 15 SP6	8.2.7-150600.3.20.1 fixed
suse enterprise server 15 SP7	9.2.2-150700.1.4 fixed

qemu-guest-agent

suse enterprise sap 15 SP5	7.1.0-150500.49.24.1 fixed
suse enterprise sap 15 SP6	8.2.7-150600.3.20.1 fixed
suse enterprise sap 15 SP7	9.2.2-150700.1.4 fixed
suse enterprise server 15 SP3	5.2.0-150300.135.1 fixed
suse enterprise server 15 SP4	6.2.0-150400.37.37.3 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.24.1 fixed
suse enterprise server 15 SP6	8.2.7-150600.3.20.1 fixed
suse enterprise server 15 SP7	9.2.2-150700.1.4 fixed

qemu-headless

suse enterprise sap 15 SP6	8.2.7-150600.3.20.1 fixed
suse enterprise sap 15 SP7	9.2.2-150700.1.4 fixed
suse enterprise server 15 SP6	8.2.7-150600.3.20.1 fixed
suse enterprise server 15 SP7	9.2.2-150700.1.4 fixed

qemu-hw-display-qxl

suse enterprise sap 15 SP5	7.1.0-150500.49.24.1 fixed
suse enterprise sap 15 SP6	8.2.7-150600.3.20.1 fixed
suse enterprise sap 15 SP7	9.2.2-150700.1.4 fixed
suse enterprise server 15 SP3	5.2.0-150300.135.1 fixed
suse enterprise server 15 SP4	6.2.0-150400.37.37.3 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.24.1 fixed
suse enterprise server 15 SP6	8.2.7-150600.3.20.1 fixed
suse enterprise server 15 SP7	9.2.2-150700.1.4 fixed

qemu-hw-display-virtio-gpu

suse enterprise sap 15 SP5	7.1.0-150500.49.24.1 fixed
suse enterprise sap 15 SP6	8.2.7-150600.3.20.1 fixed
suse enterprise sap 15 SP7	9.2.2-150700.1.4 fixed
suse enterprise server 15 SP3	5.2.0-150300.135.1 fixed
suse enterprise server 15 SP4	6.2.0-150400.37.37.3 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.24.1 fixed
suse enterprise server 15 SP6	8.2.7-150600.3.20.1 fixed
suse enterprise server 15 SP7	9.2.2-150700.1.4 fixed

qemu-hw-display-virtio-gpu-pci

suse enterprise sap 15 SP5	7.1.0-150500.49.24.1 fixed
suse enterprise sap 15 SP6	8.2.7-150600.3.20.1 fixed
suse enterprise sap 15 SP7	9.2.2-150700.1.4 fixed
suse enterprise server 15 SP3	5.2.0-150300.135.1 fixed
suse enterprise server 15 SP4	6.2.0-150400.37.37.3 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.24.1 fixed
suse enterprise server 15 SP6	8.2.7-150600.3.20.1 fixed
suse enterprise server 15 SP7	9.2.2-150700.1.4 fixed

qemu-hw-display-virtio-vga

suse enterprise sap 15 SP5	7.1.0-150500.49.24.1 fixed
suse enterprise sap 15 SP6	8.2.7-150600.3.20.1 fixed
suse enterprise sap 15 SP7	9.2.2-150700.1.4 fixed
suse enterprise server 15 SP3	5.2.0-150300.135.1 fixed
suse enterprise server 15 SP4	6.2.0-150400.37.37.3 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.24.1 fixed
suse enterprise server 15 SP6	8.2.7-150600.3.20.1 fixed
suse enterprise server 15 SP7	9.2.2-150700.1.4 fixed

qemu-hw-s390x-virtio-gpu-ccw

suse enterprise sap 15 SP5	7.1.0-150500.49.24.1 fixed
suse enterprise sap 15 SP6	8.2.7-150600.3.20.1 fixed
suse enterprise sap 15 SP7	9.2.2-150700.1.4 fixed
suse enterprise server 15 SP3	5.2.0-150300.135.1 fixed
suse enterprise server 15 SP4	6.2.0-150400.37.37.3 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.24.1 fixed
suse enterprise server 15 SP6	8.2.7-150600.3.20.1 fixed
suse enterprise server 15 SP7	9.2.2-150700.1.4 fixed

qemu-hw-usb-host

suse enterprise sap 15 SP5	7.1.0-150500.49.24.1 fixed
suse enterprise sap 15 SP6	8.2.7-150600.3.20.1 fixed
suse enterprise sap 15 SP7	9.2.2-150700.1.4 fixed
suse enterprise server 15 SP4	6.2.0-150400.37.37.3 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.24.1 fixed
suse enterprise server 15 SP6	8.2.7-150600.3.20.1 fixed
suse enterprise server 15 SP7	9.2.2-150700.1.4 fixed

qemu-hw-usb-redirect

suse enterprise sap 15 SP5	7.1.0-150500.49.24.1 fixed
suse enterprise sap 15 SP6	8.2.7-150600.3.20.1 fixed
suse enterprise sap 15 SP7	9.2.2-150700.1.4 fixed
suse enterprise server 15 SP3	5.2.0-150300.135.1 fixed
suse enterprise server 15 SP4	6.2.0-150400.37.37.3 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.24.1 fixed
suse enterprise server 15 SP6	8.2.7-150600.3.20.1 fixed
suse enterprise server 15 SP7	9.2.2-150700.1.4 fixed

qemu-img

suse enterprise desktop 15 SP6	8.2.7-150600.3.20.1 fixed
suse enterprise desktop 15 SP7	9.2.2-150700.1.4 fixed
suse enterprise sap 15 SP6	8.2.7-150600.3.20.1 fixed
suse enterprise sap 15 SP7	9.2.2-150700.1.4 fixed
suse enterprise server 15 SP6	8.2.7-150600.3.20.1 fixed
suse enterprise server 15 SP7	9.2.2-150700.1.4 fixed

qemu-ipxe

suse enterprise sap 15 SP6	8.2.7-150600.3.20.1 fixed
suse enterprise sap 15 SP7	9.2.2-150700.1.4 fixed
suse enterprise server 15 SP6	8.2.7-150600.3.20.1 fixed
suse enterprise server 15 SP7	9.2.2-150700.1.4 fixed

qemu-ksm

suse enterprise sap 15 SP5	7.1.0-150500.49.24.1 fixed
suse enterprise sap 15 SP6	8.2.7-150600.3.20.1 fixed
suse enterprise sap 15 SP7	9.2.2-150700.1.4 fixed
suse enterprise server 15 SP3	5.2.0-150300.135.1 fixed
suse enterprise server 15 SP4	6.2.0-150400.37.37.3 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.24.1 fixed
suse enterprise server 15 SP6	8.2.7-150600.3.20.1 fixed
suse enterprise server 15 SP7	9.2.2-150700.1.4 fixed

qemu-kvm

suse enterprise sap 15 SP5	7.1.0-150500.49.24.1 fixed
suse enterprise server 15 SP3	5.2.0-150300.135.1 fixed
suse enterprise server 15 SP4	6.2.0-150400.37.37.3 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.24.1 fixed

qemu-lang

suse enterprise sap 15 SP5	7.1.0-150500.49.24.1 fixed
suse enterprise sap 15 SP6	8.2.7-150600.3.20.1 fixed
suse enterprise sap 15 SP7	9.2.2-150700.1.4 fixed
suse enterprise server 15 SP3	5.2.0-150300.135.1 fixed
suse enterprise server 15 SP4	6.2.0-150400.37.37.3 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.24.1 fixed
suse enterprise server 15 SP6	8.2.7-150600.3.20.1 fixed
suse enterprise server 15 SP7	9.2.2-150700.1.4 fixed

qemu-ppc

suse enterprise sap 15 SP5	7.1.0-150500.49.24.1 fixed
suse enterprise sap 15 SP6	8.2.7-150600.3.20.1 fixed
suse enterprise sap 15 SP7	9.2.2-150700.1.4 fixed
suse enterprise server 15 SP3	5.2.0-150300.135.1 fixed
suse enterprise server 15 SP4	6.2.0-150400.37.37.3 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.24.1 fixed
suse enterprise server 15 SP6	8.2.7-150600.3.20.1 fixed
suse enterprise server 15 SP7	9.2.2-150700.1.4 fixed

qemu-pr-helper

suse enterprise desktop 15 SP6	8.2.7-150600.3.20.1 fixed
suse enterprise desktop 15 SP7	9.2.2-150700.1.4 fixed
suse enterprise sap 15 SP6	8.2.7-150600.3.20.1 fixed
suse enterprise sap 15 SP7	9.2.2-150700.1.4 fixed
suse enterprise server 15 SP6	8.2.7-150600.3.20.1 fixed
suse enterprise server 15 SP7	9.2.2-150700.1.4 fixed

qemu-s390x

suse enterprise sap 15 SP5	7.1.0-150500.49.24.1 fixed
suse enterprise sap 15 SP6	8.2.7-150600.3.20.1 fixed
suse enterprise sap 15 SP7	9.2.2-150700.1.4 fixed
suse enterprise server 15 SP3	5.2.0-150300.135.1 fixed
suse enterprise server 15 SP4	6.2.0-150400.37.37.3 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.24.1 fixed
suse enterprise server 15 SP6	8.2.7-150600.3.20.1 fixed
suse enterprise server 15 SP7	9.2.2-150700.1.4 fixed

qemu-sgabios-8

suse enterprise sap 15 SP5	150500.49.24.1 fixed
suse enterprise sap 15 SP7	150500.49.24.1 fixed
suse enterprise server 15 SP3	150300.135.1 fixed
suse enterprise server 15 SP4	150400.37.37.3 fixed
suse enterprise server 15 SP5	150500.49.24.1 fixed
suse enterprise server 15 SP7	150500.49.24.1 fixed

qemu-skiboot

suse enterprise sap 15 SP5	7.1.0-150500.49.24.1 fixed
suse enterprise sap 15 SP6	8.2.7-150600.3.20.1 fixed
suse enterprise sap 15 SP7	9.2.2-150700.1.4 fixed
suse enterprise server 15 SP3	5.2.0-150300.135.1 fixed
suse enterprise server 15 SP4	6.2.0-150400.37.37.3 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.24.1 fixed
suse enterprise server 15 SP6	8.2.7-150600.3.20.1 fixed
suse enterprise server 15 SP7	9.2.2-150700.1.4 fixed

qemu-spice

suse enterprise sap 15 SP6	8.2.7-150600.3.20.1 fixed
suse enterprise sap 15 SP7	9.2.2-150700.1.4 fixed
suse enterprise server 15 SP6	8.2.7-150600.3.20.1 fixed
suse enterprise server 15 SP7	9.2.2-150700.1.4 fixed

qemu-tools

suse enterprise desktop 15 SP6	8.2.7-150600.3.20.1 fixed
suse enterprise desktop 15 SP7	9.2.2-150700.1.4 fixed
suse enterprise sap 15 SP6	8.2.7-150600.3.20.1 fixed
suse enterprise sap 15 SP7	9.2.2-150700.1.4 fixed
suse enterprise server 15 SP3	5.2.0-150300.135.1 fixed
suse enterprise server 15 SP4	6.2.0-150400.37.37.3 fixed
suse enterprise server 15 SP6	8.2.7-150600.3.20.1 fixed
suse enterprise server 15 SP7	9.2.2-150700.1.4 fixed

qemu-ui-curses

suse enterprise sap 15 SP5	7.1.0-150500.49.24.1 fixed
suse enterprise sap 15 SP6	8.2.7-150600.3.20.1 fixed
suse enterprise sap 15 SP7	9.2.2-150700.1.4 fixed
suse enterprise server 15 SP3	5.2.0-150300.135.1 fixed
suse enterprise server 15 SP4	6.2.0-150400.37.37.3 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.24.1 fixed
suse enterprise server 15 SP6	8.2.7-150600.3.20.1 fixed
suse enterprise server 15 SP7	9.2.2-150700.1.4 fixed

qemu-ui-dbus

suse enterprise sap 15 SP5	7.1.0-150500.49.24.1 fixed
suse enterprise sap 15 SP6	8.2.7-150600.3.20.1 fixed
suse enterprise sap 15 SP7	9.2.2-150700.1.4 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.24.1 fixed
suse enterprise server 15 SP6	8.2.7-150600.3.20.1 fixed
suse enterprise server 15 SP7	9.2.2-150700.1.4 fixed

qemu-ui-gtk

suse enterprise sap 15 SP5	7.1.0-150500.49.24.1 fixed
suse enterprise sap 15 SP6	8.2.7-150600.3.20.1 fixed
suse enterprise sap 15 SP7	9.2.2-150700.1.4 fixed
suse enterprise server 15 SP3	5.2.0-150300.135.1 fixed
suse enterprise server 15 SP4	6.2.0-150400.37.37.3 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.24.1 fixed
suse enterprise server 15 SP6	8.2.7-150600.3.20.1 fixed
suse enterprise server 15 SP7	9.2.2-150700.1.4 fixed

qemu-ui-opengl

suse enterprise sap 15 SP5	7.1.0-150500.49.24.1 fixed
suse enterprise sap 15 SP6	8.2.7-150600.3.20.1 fixed
suse enterprise sap 15 SP7	9.2.2-150700.1.4 fixed
suse enterprise server 15 SP3	5.2.0-150300.135.1 fixed
suse enterprise server 15 SP4	6.2.0-150400.37.37.3 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.24.1 fixed
suse enterprise server 15 SP6	8.2.7-150600.3.20.1 fixed
suse enterprise server 15 SP7	9.2.2-150700.1.4 fixed

qemu-ui-spice-app

suse enterprise sap 15 SP5	7.1.0-150500.49.24.1 fixed
suse enterprise sap 15 SP6	8.2.7-150600.3.20.1 fixed
suse enterprise sap 15 SP7	9.2.2-150700.1.4 fixed
suse enterprise server 15 SP3	5.2.0-150300.135.1 fixed
suse enterprise server 15 SP4	6.2.0-150400.37.37.3 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.24.1 fixed
suse enterprise server 15 SP6	8.2.7-150600.3.20.1 fixed
suse enterprise server 15 SP7	9.2.2-150700.1.4 fixed

qemu-ui-spice-core

suse enterprise sap 15 SP5	7.1.0-150500.49.24.1 fixed
suse enterprise sap 15 SP6	8.2.7-150600.3.20.1 fixed
suse enterprise sap 15 SP7	9.2.2-150700.1.4 fixed
suse enterprise server 15 SP3	5.2.0-150300.135.1 fixed
suse enterprise server 15 SP4	6.2.0-150400.37.37.3 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.24.1 fixed
suse enterprise server 15 SP6	8.2.7-150600.3.20.1 fixed
suse enterprise server 15 SP7	9.2.2-150700.1.4 fixed

qemu-vmsr-helper

suse enterprise desktop 15 SP7	9.2.2-150700.1.4 fixed
suse enterprise sap 15 SP7	9.2.2-150700.1.4 fixed
suse enterprise server 15 SP7	9.2.2-150700.1.4 fixed

qemu-x86

suse enterprise sap 15 SP5	7.1.0-150500.49.24.1 fixed
suse enterprise sap 15 SP6	8.2.7-150600.3.20.1 fixed
suse enterprise sap 15 SP7	9.2.2-150700.1.4 fixed
suse enterprise server 15 SP3	5.2.0-150300.135.1 fixed
suse enterprise server 15 SP4	6.2.0-150400.37.37.3 fixed
suse enterprise server 15 SP5	7.1.0-150500.49.24.1 fixed
suse enterprise server 15 SP6	8.2.7-150600.3.20.1 fixed
suse enterprise server 15 SP7	9.2.2-150700.1.4 fixed

Common Weakness Enumeration

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References

https://access.redhat.com/security/cve/CVE-2024-8612

https://bugzilla.redhat.com/show_bug.cgi?id=2313760

https://gitlab.com/qemu-project/qemu/-/commit/637b0aa139565cb82a7b9269e62214f87082635c

https://security.netapp.com/advisory/ntap-20241108-0006/