DEBIAN-CVE-2024-3447

DEBIAN-CVE-2024-3447 PUBLISHED CVSS 6 MEDIUM

A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. The bug is triggered when both `s->data_count` and the size of `s->fifo_buffer` are set to 0x200, leading to an out-of-bound access. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.

Risk Scores

CVSS 3.1

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
Debian:13	qemu	0, 0
Debian:11	qemu	5.2+dfsg, 5.2+dfsg, 5.2+dfsg
Debian:14	qemu	0, 0
Debian:12	qemu	7.2+dfsg, 7.2+dfsg, 7.2+dfsg

Timeline

Nov 14, 2024 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2024-3447 advisory

Open in Interactive Console →