Import Source
https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-60196.json
JSON Data
https://api.test.osv.dev/v1/vulns/AZL-60196
Upstream
Published
2024-11-14T12:15:17Z
Modified
2026-04-01T05:19:52.580465Z
Summary
CVE-2024-3447 affecting package qemu for versions less than 6.2.0-24
Details

A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. The bug is triggered when both s->data_count and the size of s->fifo_buffer are set to 0x200, leading to an out-of-bounds access. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial-of-service condition.

References

Affected packages

Azure Linux:2 / qemu

Package

Name
qemu
Purl
pkg:rpm/azure-linux/qemu

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
6.2.0-24

Database specific

source
"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-60196.json"