CVE-2024-8612

Qemu-kvm: information leak in virtio devices

Severity Score

3.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

A flaw was found in QEMU, in the virtio-scsi, virtio-blk, and virtio-crypto devices. The size for virtqueue_push as set in virtio_scsi_complete_req / virtio_blk_req_complete / virito_crypto_req_complete could be larger than the true size of the data which has been sent to guest. Once virtqueue_push() finally calls dma_memory_unmap to ummap the in_iov, it may call the address_space_write function to write back the data. Some uninitialized data may exist in the bounce.buffer, leading to an information leak.

This update for qemu fixes the following issues. Fixed information leak in virtio devices. Fixed denial of service via improper synchronization in QEMU NBD Server during socket closure. Fixed heap buffer overflow in sdhci_write_dataport. Fixed ipxe build with new binutils.

*Credits: Red Hat would like to thank Xiao Lei (FSL team), Yiming Tao (FSL team), and Yongkang Jia (FSL team) for reporting this issue.

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

Low

Integrity

None

Availability

None

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-09-09 CVE Reserved
2024-09-20 CVE Published
2025-05-21 CVE Updated
2025-07-07 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CAPEC

References (2)

URL	Tag	Source
https://access.redhat.com/security/cve/CVE-2024-8612	Vdb Entry
https://bugzilla.redhat.com/show_bug.cgi?id=2313760	Issue Tracking

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Redhat Search vendor "Redhat"		Advanced Virtualization Search vendor "Redhat" for product "Advanced Virtualization"				*		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"				*		-		Affected