DEBIAN-CVE-2024-8354

DEBIAN-CVE-2024-8354 PUBLISHED CVSS 5.5 MEDIUM

A flaw was found in QEMU. An assertion failure was present in the usb_ep_get() function in hw/net/core.c when trying to get the USB endpoint from a USB device. This flaw may allow a malicious unprivileged guest user to crash the QEMU process on the host and cause a denial of service condition.

Risk Scores

CVSS v3.1

5.5

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
Debian:13	qemu	*, 0, 1:10.0.2+ds-2
Debian:14	qemu	, , 10.1.0
Debian:11	qemu	8.2.0, 1:6.0+dfsg-3, 1:6.1+dfsg-1
Debian:12	qemu	1:11.0.0~rc0+ds-2, 1:11.0.0~rc1+ds-1, *

Timeline

Sep 19, 2024 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2024-8354 advisory

Open in Interactive Console →