QEMU before 8.2.0 has an integer underflow and resultant buffer overflow via a TI command when an expected non-DMA transfer length is less than the length of the available FIFO data. This occurs in esp_do_nodma in hw/scsi/esp.c because of an underflow of async_len.

...

The vulnerability of the `esp_do_nodma` function in the `hw/scsi/esp.c` file of the QEMU hardware emulation software allows a hacker to cause a service failure.

The vulnerability of the espdonodma function in the hw/scsi/esp.c file of the QEMU hardware emulation software is related to a buffer overflow condition caused by the TI command. This occurs when the expected transfer length without DMA is less than the available data in the FIFO. Exploiting this...

OESA-2024-1422 qemu security update

QEMU is a FAST! processor emulator using dynamic translation to achieve good emulation speed. Security Fixes: QEMU before 8.2.0 has an integer underflow, and resultant buffer overflow, via a TI command when an expected non-DMA transfer length is less than the length of the available FIFO data. Th...

Buffer Overflow

QEMU is vulnerable to Buffer Overflow. The vulnerability is due to an integer underflow, resulting in a buffer overflow, via a TI command when an expected non-DMA transfer length is less than the length of the available FIFO data. This occurs in espdonodma in hw/scsi/esp.c because of an underflow...

CVE-2024-24474

QEMU before 8.2.0 has an integer underflow, and resultant buffer overflow, via a TI command when an expected non-DMA transfer length is less than the length of the available FIFO data. This occurs in espdonodma in hw/scsi/esp.c because of an underflow of asynclen...

CVE-2024-24474

QEMU before 8.2.0 has an integer underflow, and resultant buffer overflow, via a TI command when an expected non-DMA transfer length is less than the length of the available FIFO data. This occurs in espdonodma in hw/scsi/esp.c because of an underflow of asynclen...

CVE-2024-24474

QEMU before 8.2.0 has an integer underflow, and resultant buffer overflow, via a TI command when an expected non-DMA transfer length is less than the length of the available FIFO data. This occurs in espdonodma in hw/scsi/esp.c because of an underflow of asynclen...

UBUNTU-CVE-2024-24474

QEMU before 8.2.0 has an integer underflow, and resultant buffer overflow, via a TI command when an expected non-DMA transfer length is less than the length of the available FIFO data. This occurs in espdonodma in hw/scsi/esp.c because of an underflow of asynclen...

CVE-2024-24474

QEMU before 8.2.0 has an integer underflow, and resultant buffer overflow, via a TI command when an expected non-DMA transfer length is less than the length of the available FIFO data. This occurs in espdonodma in hw/scsi/esp.c because of an underflow of asynclen...

CVE-2024-24474

QEMU before 8.2.0 has an integer underflow, and resultant buffer overflow, via a TI command when an expected non-DMA transfer length is less than the length of the available FIFO data. This occurs in espdonodma in hw/scsi/esp.c because of an underflow of asynclen...