CVE-2024-8612

🗓️ 20 Sep 2024 17:50:21Reported by redhatType

A flaw in QEMU virtio devices allows information lea

Reporter	Title	Published	Views	Family All 62
AstraLinux	Astra Linux – Vulnerability in Qemu	13 Jan 202614:01	–	astralinux
BDU FSTEC	The vulnerability of the virtio-scsi, virtio-blk, and virtio-crypt components of the QEMU hardware emulation driver’s virtqueue_push() function allows a attacker to disclose sensitive information.	2 Jun 202500:00	–	bdu_fstec
CBLMariner	CVE-2024-8612 affecting package qemu for versions less than 9.1.0-1	11 Feb 202615:01	–	cbl_mariner
Circl	CVE-2024-8612	20 Sep 202420:35	–	circl
CNNVD	QEMU 信息泄露漏洞	20 Sep 202400:00	–	cnnvd
Cvelist	CVE-2024-8612 Qemu-kvm: information leak in virtio devices	20 Sep 202417:50	–	cvelist
Debian CVE	CVE-2024-8612	20 Sep 202417:50	–	debiancve
Tenable Nessus	EulerOS Virtualization 2.10.1 : qemu (EulerOS-SA-2026-1144)	31 Jan 202600:00	–	nessus
Tenable Nessus	EulerOS Virtualization 2.10.0 : qemu (EulerOS-SA-2026-1195)	31 Jan 202600:00	–	nessus
Tenable Nessus	QEMU 7.2.x < 7.2.15, 8.0.x < 8.0.6, 8.1.x < 8.1.6, 8.2.x < 8.2.8, 9.0.x < 9.0.4, 9.1.x < 9.1.1 Information Leak	27 Sep 202400:00	–	nessus

[
  {
    "repo": "https://gitlab.com/qemu-project/qemu",
    "versions": [
      {
        "status": "unaffected",
        "version": "637b0aa139565cb82a7b9269e62214f87082635c",
        "lessThan": "*",
        "versionType": "git"
      }
    ],
    "packageName": "qemu",
    "collectionURL": "https://gitlab.com/qemu-project/qemu"
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 10",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "qemu-kvm",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:10"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 6",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "qemu-kvm",
    "defaultStatus": "unknown",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:6"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 7",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "qemu-kvm",
    "defaultStatus": "unknown",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:7"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 7",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "qemu-kvm-ma",
    "defaultStatus": "unknown",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:7"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "virt:rhel/qemu-kvm",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8 Advanced Virtualization",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "virt:av/qemu-kvm",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:advanced_virtualization:8::el8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "qemu-kvm",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:9"
    ]
  }
]

Source	Link
access	www.access.redhat.com/security/cve/CVE-2024-8612
gitlab	www.gitlab.com/qemu-project/qemu/-/commit/637b0aa139565cb82a7b9269e62214f87082635c
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
security	www.security.netapp.com/advisory/ntap-20241108-0006/

17 Jun 2026 08:22Current

3.9Low risk

Vulners AI Score3.9

CVSS 3.13.8

EPSS0.00204

SSVC

CWE-200