CVE-2024-24474
PUBLISHED
A vulnerability exists in QEMU. The flaw is due to a buffer overflow issue. A local attacker can exploit this vulnerability to execute arbitrary code.
Risk Scores
EPSS Score: 0.61% (70.3th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu | Ubuntu Linux | |
| Open Source | Open Source QEMU | <8.2.0 |
| Oracle | Oracle Linux | |
| SUSE | SUSE Linux | |
Exploit Intelligence
- CIRCL seen: CVE-2024-24474 (circl-sighting)
- https://gitlab.com/qemu-project/qemu/-/issues/1810 (nist-nvd)
- https://github.com/qemu/qemu/commit/77668e4b9bca03a856c27ba899a2513ddf52bb52 (circl)
- https://security.netapp.com/advisory/ntap-20240510-0012/ (circl)
- CVE-2024-24474 (osv)
Timeline
- Jan 20, 1970 GitHub Gist PoC
- Feb 20, 2024 CVE Published
- Feb 20, 2024 PoC Published
- Feb 20, 2024 PoC Published
- Feb 21, 2024 EPSS Score
- Feb 21, 2024 PoC Published
- Feb 22, 2024 PoC Published
- Mar 19, 2024 EPSS Score
- Apr 15, 2024 EPSS Score
- May 11, 2024 EPSS Score
- Jun 7, 2024 EPSS Score
- Jul 4, 2024 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0437.json (advisory)
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0437 (advisory)
- https://github.com/advisories/GHSA-v4q2-79g6-j728 (advisory)
- https://lists.suse.com/pipermail/sle-security-updates/2024-April/018293.html (advisory)
- https://linux.oracle.com/errata/ELSA-2024-12276.html (advisory)
- https://lists.suse.com/pipermail/sle-security-updates/2024-April/018405.html (advisory)
- https://linux.oracle.com/errata/ELSA-2024-12407.html (advisory)
- https://linux.oracle.com/errata/ELSA-2024-12435.html (advisory)
- https://ubuntu.com/security/notices/USN-6954-1 (advisory)
- https://linux.oracle.com/errata/ELSA-2024-12604.html (advisory)
- https://linux.oracle.com/errata/ELSA-2024-12791.html (advisory)