Lucene search

[email protected]CVE-2024-26327

HistoryFeb 19, 2024 - 5:15 a.m.

CVE-2024-26327

2024-02-1905:15:22

CWE-122

[email protected]

web.nvd.nist.gov

3204

qemu

buffer overflow

nvd

cve-2024-26327

5.3 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

6.8 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.0%

JSON

An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vfs in hw/pci/pcie_sriov.c mishandles the situation where a guest writes NumVFs greater than TotalVFs, leading to a buffer overflow in VF implementations.

References

lore.kernel.org/all/20240214-reuse-v4-5-89ad093a07f4%40daynix.com/

security.netapp.com/advisory/ntap-20240419-0010/

5.3 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

6.8 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.0%

JSON

Related for CVE-2024-26327

vulnrichment1 cvelist1 prion1 nvd1 debiancve1 redhatcve1 ubuntucve1 openvas1 redos1 nessus2