CVE-2024-8612

Publication date 20 September 2024

Last updated 16 December 2024


Ubuntu priority

Cvss 3 Severity Score

3.8 · Low

Score breakdown

A flaw was found in QEMU, in the virtio-scsi, virtio-blk, and virtio-crypto devices. The size for virtqueue_push as set in virtio_scsi_complete_req / virtio_blk_req_complete / virito_crypto_req_complete could be larger than the true size of the data which has been sent to guest. Once virtqueue_push() finally calls dma_memory_unmap to ummap the in_iov, it may call the address_space_write function to write back the data. Some uninitialized data may exist in the bounce.buffer, leading to an information leak.

Read the notes from the security team

Status

Package Ubuntu Release Status
qemu 24.10 oracular
Vulnerable, fix deferred
24.04 LTS noble
Vulnerable, fix deferred
22.04 LTS jammy
Vulnerable, fix deferred
20.04 LTS focal
Vulnerable, fix deferred
18.04 LTS bionic
Vulnerable, fix deferred
16.04 LTS xenial
Vulnerable, fix deferred
14.04 LTS trusty Ignored end of ESM support, was deferred [2024-12-16]

Notes


mdeslaur

as of 2024-12-16, the commit below only addresses the symptoms but not the root cause, the proper fix is still being discussed: https://lore.kernel.org/qemu-devel/[email protected]/

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
qemu

Severity score breakdown

Parameter Value
Base score 3.8 · Low
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Scope Changed
Confidentiality Low
Integrity impact None
Availability impact None
Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N