CVE-2024-24474

Published: Feb 20, 2024

Modified: Aug 15, 2024

PUBLISHED

Description

QEMU before 8.2.0 has an integer underflow, and resultant buffer overflow, via a TI command when an expected non-DMA transfer length is less than the length of the available FIFO data. This occurs in esp_do_nodma in hw/scsi/esp.c because of an underflow of async_len.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://gitlab.com/qemu-project/qemu/-/issues/1810

https://github.com/qemu/qemu/commit/77668e4b9bca03a856c27ba899a2513ddf52bb52

https://gist.github.com/1047524396/5ce07b9d387095c276b1cd234ae5615e

https://security.netapp.com/advisory/ntap-20240510-0012/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-24474

Description

Affected Products

References