QEMU Vendor Flaw Affectsvirtio-scsi, virtio-blk, and virtio-crypto Devices
CVE-2024-8612

3.8LOW

Key Information:

Vendor: Red Hat
Status: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 8 Advanced Virtualization
Vendor: CVE Published:; 20 September 2024

Summary

A vulnerability exists within QEMU, particularly affecting the virtio-scsi, virtio-blk, and virtio-crypto devices. This arises from a flaw in the virtqueue_push process where the size parameter can exceed the actual data size sent to the guest. Consequently, when the dma_memory_unmap function is invoked, it may erroneously call the address_space_write function to write back potentially sensitive information. This process can inadvertently expose uninitialized data from the bounce buffer, leading to an information leak that poses a security risk.

References

https://access.redhat.com/security/cve/CVE-2024-8612

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2313760

issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:

3.8

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Sep 20, 2024

Credit

Red Hat would like to thank Xiao Lei (FSL team), Yiming Tao (FSL team), and Yongkang Jia (FSL team) for reporting this issue.