CVE-2024-8354
Qemu-kvm: usb: assertion failure in usb_ep_get()
Severity Score
4.7
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track
*SSVC
Descriptions
A flaw was found in QEMU. An assertion failure was present in the usb_ep_get() function in hw/net/core.c when trying to get the USB endpoint from a USB device. This flaw may allow a malicious unprivileged guest user to crash the QEMU process on the host and cause a denial of service condition.
Se encontró una falla en QEMU. Se produjo un error de aserción en la función usb_ep_get() en hw/net/core.c al intentar obtener el endpoint USB de un dispositivo USB. Esta falla puede permitir que un usuario invitado malintencionado y sin privilegios bloquee el proceso QEMU en el host y provoque una condición de denegación de servicio.
*Credits:
Red Hat would like to thank Antoine "Gravis" Assier de Pompignan (Fuzzinglabs) and Patrick Ventuzelo (Fuzzinglabs) for reporting this issue.
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2024-08-30 CVE Reserved
- 2024-09-19 CVE Published
- 2024-09-19 CVE Updated
- ---------- EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-617: Reachable Assertion
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2024-8354 | Vdb Entry | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2313497 | Issue Tracking |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| - | - | - | - | - | ||||||