CVE-2024-8612 | QEMU virtio-scsi/virtio-blk/virtio-crypto virtqueue_push buffer overflow

A vulnerability was found in QEMU. It has been classified as problematic. Affected is the function virtqueue_push of the component virtio-scsi/virtio-blk/virtio-crypto. The manipulation of the argument virtio_scsi_complete_req/virtio_blk_req_complete/virito_crypto_req_complete leads to buffer overflow.

This vulnerability is traded as CVE-2024-8612. Access to the local network is required for this attack to succeed. There is no exploit available.

It is recommended to apply a patch to fix this issue.

CVE-2024-8612 | QEMU virtio-scsi/virtio-blk/virtio-crypto virtqueue_push buffer overflow

Related Posts

CVE-2024-26577 | VSeeFace up to 1.13.38.c2 UDP Packet denial of service

CVE-2024-5681 | Schneider Electric EcoStruxure Foxboro DCS Core Control Services up to 9.8 IOCTL Call Foxboro.sys input validation (SEVD-2024-191-02)

CVE-2023-45482 | Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn get_parentControl_list_Info urls stack-based overflow

CVE-2024-0529 | CXBSoft Post-Office up to 1.0 HTTP POST Request /apps/login_auth.php username_login sql injection