Lucene search
Redhat.comRH:CVE-2024-24474HistoryFeb 22, 2024 - 12:32 p.m.
CVE-2024-24474
2024-02-2212:32:16
redhat.com
access.redhat.com
13
qemu
am53c974
scsi controller
buffer overflow
denial of service
cve-2024-24474
A flaw was found in the am53c974 SCSI controller emulation of QEMU. When an SCSI layer transfer is incorrectly terminated, it is possible for a TI command to cause an SCSI buffer overflow due to the expected transfer data length being less than the available data in the FIFO. When this occurs, the unsigned async_len variable underflows and becomes a large offset, which writes past the end of the allocated SCSI buffer. This flaw could allow a malicious guest to crash QEMU and cause a denial of service condition.
Related
debiancve
debiancve
CVE-2024-24474
2024-02-20 18:15:52
redos
redos
ROS-20240423-09
2024-04-23 00:00:00
cve
cve
CVE-2024-24474
2024-02-20 18:15:52
ubuntucve
ubuntucve
CVE-2024-24474
2024-02-20 00:00:00
veracode
veracode
Buffer Overflow
2024-02-26 14:34:24
prion
prion
Integer overflow
2024-02-20 18:15:00
osv
osv
CVE-2024-24474
2024-02-20 18:15:52
nessus
nessus
SUSE SLES15 Security Update : qemu (SUSE-SU-2024:1394-1)
2024-04-24 00:00:00
Oracle Linux 8 : virt:kvm_utils3 (ELSA-2024-12276)
2024-04-10 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2024:1394-1)
2024-05-07 00:00:00
openSUSE: Security Advisory for qemu (SUSE-SU-2024:1103-1)
2024-04-09 00:00:00
openSUSE: Security Advisory for qemu (SUSE-SU-2024:1394-1)
2024-04-25 00:00:00
oraclelinux
oraclelinux
virt:kvm_utils3 security update
2024-04-10 00:00:00