CVE-2024-3567
Qemu-kvm: net: assertion failure in update_sctp_checksum()
Severity Score
5.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track*
*SSVC
Descriptions
A flaw was found in QEMU. An assertion failure was present in the update_sctp_checksum() function in hw/net/net_tx_pkt.c when trying to calculate the checksum of a short-sized fragmented packet. This flaw allows a malicious guest to crash QEMU and cause a denial of service condition.
Se encontró una falla en QEMU. Se produjo un error de aserción en la función update_sctp_checksum() en hw/net/net_tx_pkt.c al intentar calcular la suma de comprobación de un paquete fragmentado de tamaño corto. Esta falla permite que un invitado malintencionado bloquee QEMU y provoque una condición de denegación de servicio.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track*
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2024-04-10 CVE Reserved
- 2024-04-10 CVE Published
- 2024-06-11 EPSS Updated
- 2024-11-15 CVE Updated
- 2024-11-15 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-617: Reachable Assertion
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=2274339 | Issue Tracking |
| URL | Date | SRC |
|---|---|---|
| https://gitlab.com/qemu-project/qemu/-/issues/2273 | 2024-11-15 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2024-3567 | 2024-06-10 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | >= 8.1.0 < 8.2.3 Search vendor "Qemu" for product "Qemu" and version " >= 8.1.0 < 8.2.3" | - |
Affected
| ||||||
| Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | 9.0.0 Search vendor "Qemu" for product "Qemu" and version "9.0.0" | rc0 |
Affected
| ||||||
| Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | 9.0.0 Search vendor "Qemu" for product "Qemu" and version "9.0.0" | rc1 |
Affected
| ||||||
| Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | 9.0.0 Search vendor "Qemu" for product "Qemu" and version "9.0.0" | rc2 |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 9.0 Search vendor "Redhat" for product "Enterprise Linux" and version "9.0" | - |
Affected
| ||||||