AZL-47784

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-47784.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-47784

Upstream

CVE-2024-24474

Published

2024-02-20T18:15:52Z

Modified

2026-04-01T05:17:04.761665Z

Summary

CVE-2024-24474 affecting package qemu for versions less than 6.2.0-20

Details

QEMU before 8.2.0 has an integer underflow, and resultant buffer overflow, via a TI command when an expected non-DMA transfer length is less than the length of the available FIFO data. This occurs in espdonodma in hw/scsi/esp.c because of an underflow of async_len.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-24474

Affected packages

Azure Linux:2 / qemu

Package

Name: qemu
Purl: pkg:rpm/azure-linux/qemu

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.2.0-20

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-47784.json"