AZL-60778

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-60778.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-60778

Upstream

CVE-2024-8354

Published

2024-09-19T11:15:10Z

Modified

2026-04-01T05:19:53.358921Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

CVE-2024-8354 affecting package qemu 9.1.0-1

Details

A flaw was found in QEMU. An assertion failure was present in the usbepget() function in hw/net/core.c when trying to get the USB endpoint from a USB device. This flaw may allow a malicious unprivileged guest user to crash the QEMU process on the host and cause a denial of service condition.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-8354

Affected packages

Azure Linux:3 / qemu

Package

Name: qemu
Purl: pkg:rpm/azure-linux/qemu

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

9.1.0-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-60778.json"