{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-3447", "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "state": "PUBLISHED", "assignerShortName": "fedora", "dateReserved": "2024-04-08T07:52:52.103Z", "datePublished": "2024-11-14T12:10:36.880Z", "dateUpdated": "2025-04-25T23:02:54.909Z"}, "containers": {"cna": {"title": "Qemu: sdhci: heap buffer overflow in sdhci_write_dataport()", "metrics": [{"other": {"content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. The bug is triggered when both `s->data_count` and the size of `s->fifo_buffer` are set to 0x200, leading to an out-of-bound access. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition."}], "affected": [{"versions": [{"status": "affected", "version": "1.5.0", "lessThan": "9.0.0", "versionType": "semver"}], "packageName": "qemu", "collectionURL": "https://gitlab.com/qemu-project/qemu", "defaultStatus": "unaffected"}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "qemu-kvm", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:6"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "qemu-kvm", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:7"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "qemu-kvm-ma", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:7"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "virt:rhel/qemu-kvm", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8 Advanced Virtualization", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "virt:av/qemu-kvm", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:advanced_virtualization:8::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "qemu-kvm", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:9"]}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2024-3447", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=58813"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274123", "name": "RHBZ#2274123", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://patchew.org/QEMU/20240404085549.16987-1-philmd@linaro.org/"}], "datePublic": "2024-04-04T00:00:00.000Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-122", "description": "Heap-based Buffer Overflow", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-122: Heap-based Buffer Overflow", "timeline": [{"lang": "en", "time": "2024-04-09T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-04-04T00:00:00+00:00", "value": "Made public."}], "credits": [{"lang": "en", "value": "Red Hat would like to thank Chuhong Yuan for reporting this issue."}], "providerMetadata": {"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "shortName": "fedora", "dateUpdated": "2024-11-14T12:10:36.880Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-14T18:53:42.574300Z", "id": "CVE-2024-3447", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-14T19:32:53.874Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://security.netapp.com/advisory/ntap-20250425-0005/"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-04-25T23:02:54.909Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://security.netapp.com/advisory/ntap-20250425-0005/"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-04-25T23:02:54.909Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-3447", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-11-14T18:53:42.574300Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-14T18:54:23.668Z"}}], "cna": {"title": "Qemu: sdhci: heap buffer overflow in sdhci_write_dataport()", "credits": [{"lang": "en", "value": "Red Hat would like to thank Chuhong Yuan for reporting this issue."}], "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}}], "affected": [{"versions": [{"status": "affected", "version": "1.5.0", "lessThan": "9.0.0", "versionType": "semver"}], "packageName": "qemu", "collectionURL": "https://gitlab.com/qemu-project/qemu", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:6"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "packageName": "qemu-kvm", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:7"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "packageName": "qemu-kvm", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:7"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "packageName": "qemu-kvm-ma", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:8"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "packageName": "virt:rhel/qemu-kvm", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:advanced_virtualization:8::el8"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8 Advanced Virtualization", "packageName": "virt:av/qemu-kvm", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:9"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "packageName": "qemu-kvm", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2024-04-09T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-04-04T00:00:00+00:00", "value": "Made public."}], "datePublic": "2024-04-04T00:00:00.000Z", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2024-3447", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=58813"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274123", "name": "RHBZ#2274123", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://patchew.org/QEMU/20240404085549.16987-1-philmd@linaro.org/"}], "descriptions": [{"lang": "en", "value": "A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. The bug is triggered when both `s->data_count` and the size of `s->fifo_buffer` are set to 0x200, leading to an out-of-bound access. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-122", "description": "Heap-based Buffer Overflow"}]}], "providerMetadata": {"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "shortName": "fedora", "dateUpdated": "2024-11-14T12:10:36.880Z"}, "x_redhatCweChain": "CWE-122: Heap-based Buffer Overflow"}}, "cveMetadata": {"cveId": "CVE-2024-3447", "state": "PUBLISHED", "dateUpdated": "2025-04-25T23:02:54.909Z", "dateReserved": "2024-04-08T07:52:52.103Z", "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "datePublished": "2024-11-14T12:10:36.880Z", "assignerShortName": "fedora"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*", "matchCriteriaId": "0EAD89F2-2AEA-4655-B072-E12C2AD69711", "versionEndExcluding": "7.2.11", "vulnerable": true}, {"criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*", "matchCriteriaId": "59D5C13B-B7C8-4057-94E6-D5B29B0C745B", "versionEndExcluding": "8.2.3", "versionStartIncluding": "8.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:qemu:qemu:9.0.0:-:*:*:*:*:*:*", "matchCriteriaId": "53B020E1-1339-4E3B-8CC3-7108309DF2F1", "vulnerable": true}, {"criteria": "cpe:2.3:a:qemu:qemu:9.0.0:rc0:*:*:*:*:*:*", "matchCriteriaId": "5E7620C7-95CD-4451-A485-69CF3752627B", "vulnerable": true}, {"criteria": "cpe:2.3:a:qemu:qemu:9.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "F8EBBE5A-0A6F-4F35-AA50-CA81B15F6BDC", "vulnerable": true}, {"criteria": "cpe:2.3:a:qemu:qemu:9.0.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "45846E0D-C683-4DAF-AE17-32CD8EB283F3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:hci_compute_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "4AFE5CAF-ACA7-4F82-BEC1-69562D75E66E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. The bug is triggered when both `s->data_count` and the size of `s->fifo_buffer` are set to 0x200, leading to an out-of-bound access. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition."}, {"lang": "es", "value": "Se encontr\u00f3 un desbordamiento de b\u00fafer basado en mont\u00f3n en la emulaci\u00f3n de dispositivo SDHCI de QEMU. El error se activa cuando tanto `s->data_count` como el tama\u00f1o de `s->fifo_buffer` se establecen en 0x200, lo que genera un acceso fuera de los l\u00edmites. Un invitado malintencionado podr\u00eda usar esta falla para bloquear el proceso QEMU en el host, lo que genera una condici\u00f3n de denegaci\u00f3n de servicio."}], "id": "CVE-2024-3447", "lastModified": "2025-08-05T18:33:57.270", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.5, "impactScore": 4.0, "source": "patrick@puiterwijk.org", "type": "Secondary"}]}, "published": "2024-11-14T12:15:17.743", "references": [{"source": "patrick@puiterwijk.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2024-3447"}, {"source": "patrick@puiterwijk.org", "tags": ["Exploit", "Issue Tracking"], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=58813"}, {"source": "patrick@puiterwijk.org", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274123"}, {"source": "patrick@puiterwijk.org", "tags": ["Broken Link"], "url": "https://patchew.org/QEMU/20240404085549.16987-1-philmd@linaro.org/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://security.netapp.com/advisory/ntap-20250425-0005/"}], "sourceIdentifier": "patrick@puiterwijk.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-122"}], "source": "patrick@puiterwijk.org", "type": "Secondary"}]}

{"acknowledgement": "Red Hat would like to thank Chuhong Yuan for reporting this issue.", "bugzilla": {"description": "QEMU: sdhci: heap buffer overflow in sdhci_write_dataport()", "id": "2274123", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274123"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-122", "details": ["A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. The bug is triggered when both `s->data_count` and the size of `s->fifo_buffer` are set to 0x200, leading to an out-of-bound access. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.", "A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. The bug is triggered when both `s->data_count` and the size of `s->fifo_buffer` are set to 0x200, leading to an out-of-bound access. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition."], "name": "CVE-2024-3447", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "qemu-kvm", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "qemu-kvm", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "qemu-kvm-ma", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "virt:rhel/qemu-kvm", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:advanced_virtualization:8::el8", "fix_state": "Not affected", "package_name": "virt:av/qemu-kvm", "product_name": "Red Hat Enterprise Linux 8 Advanced Virtualization"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "qemu-kvm", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-04-04T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-3447\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-3447\nhttps://bugs.chromium.org/p/oss-fuzz/issues/detail?id=58813\nhttps://patchew.org/QEMU/20240404085549.16987-1-philmd@linaro.org/"], "statement": "This CVE does not affect the versions of `qemu-kvm` as shipped with Red Hat Enterprise Linux and RHEL Advanced Virtualization, as they do not include support for SDHCI device emulation.", "threat_severity": "Moderate"}