Bugzilla – Bug 1220134
VUL-0: CVE-2024-24474: qemu: integer overflow results in buffer overflow via SCSI command
Last modified: 2024-07-19 12:48:01 UTC
QEMU before 8.2.0 has an integer underflow, and resultant buffer overflow, via a TI command when an expected non-DMA transfer length is less than the length of the available FIFO data. This occurs in esp_do_nodma in hw/scsi/esp.c because of an underflow of async_len. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-24474 https://gitlab.com/qemu-project/qemu/-/issues/1810 https://www.cve.org/CVERecord?id=CVE-2024-24474 https://gist.github.com/1047524396/5ce07b9d387095c276b1cd234ae5615e https://github.com/qemu/qemu/commit/77668e4b9bca03a856c27ba899a2513ddf52bb52
Affects: - SUSE:SLE-15-SP4:Update/qemu - SUSE:SLE-15-SP5:Update/qemu SUSE:ALP:Source:Standard:1.0 and openSUSE:Factory already fixed.
SUSE-SU-2024:1103-1: An update that solves five vulnerabilities, contains two features and has one security fix can now be installed. Category: security (important) Bug References: 1205316, 1209554, 1218484, 1220062, 1220065, 1220134 CVE References: CVE-2023-1544, CVE-2023-6693, CVE-2024-24474, CVE-2024-26327, CVE-2024-26328 Jira References: PED-7366, PED-8113 Maintenance Incident: [SUSE:Maintenance:33006](https://smelt.suse.de/incident/33006/) Sources used: SUSE Package Hub 15 15-SP5 (src): qemu-7.1.0-150500.49.12.1 Server Applications Module 15-SP5 (src): qemu-7.1.0-150500.49.12.1 openSUSE Leap 15.5 (src): qemu-linux-user-7.1.0-150500.49.12.1, qemu-7.1.0-150500.49.12.1 SUSE Linux Enterprise Micro 5.5 (src): qemu-7.1.0-150500.49.12.1 Basesystem Module 15-SP5 (src): qemu-7.1.0-150500.49.12.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2024:1394-1: An update that solves five vulnerabilities can now be installed. Category: security (important) Bug References: 1213269, 1218889, 1220134, 1222843, 1222845 CVE References: CVE-2023-3019, CVE-2023-6683, CVE-2024-24474, CVE-2024-3446, CVE-2024-3447 Maintenance Incident: [SUSE:Maintenance:33442](https://smelt.suse.de/incident/33442/) Sources used: openSUSE Leap 15.4 (src): qemu-linux-user-6.2.0-150400.37.29.1, qemu-6.2.0-150400.37.29.1 openSUSE Leap Micro 5.3 (src): qemu-6.2.0-150400.37.29.1 openSUSE Leap Micro 5.4 (src): qemu-6.2.0-150400.37.29.1 SUSE Linux Enterprise Micro for Rancher 5.3 (src): qemu-6.2.0-150400.37.29.1 SUSE Linux Enterprise Micro 5.3 (src): qemu-6.2.0-150400.37.29.1 SUSE Linux Enterprise Micro for Rancher 5.4 (src): qemu-6.2.0-150400.37.29.1 SUSE Linux Enterprise Micro 5.4 (src): qemu-6.2.0-150400.37.29.1 SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (src): qemu-6.2.0-150400.37.29.1 SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (src): qemu-6.2.0-150400.37.29.1 SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (src): qemu-6.2.0-150400.37.29.1 SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (src): qemu-6.2.0-150400.37.29.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4 (src): qemu-6.2.0-150400.37.29.1 SUSE Manager Proxy 4.3 (src): qemu-6.2.0-150400.37.29.1 SUSE Manager Retail Branch Server 4.3 (src): qemu-6.2.0-150400.37.29.1 SUSE Manager Server 4.3 (src): qemu-6.2.0-150400.37.29.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
All done, closing.