CVE-2024-24474

Published: 20 February 2024

QEMU before 8.2.0 has an integer underflow, and resultant buffer overflow, via a TI command when an expected non-DMA transfer length is less than the length of the available FIFO data. This occurs in esp_do_nodma in hw/scsi/esp.c because of an underflow of async_len.

Priority

Status

Package	Release	Status
qemu Launchpad, Ubuntu, Debian	bionic	Needs triage
	focal	Needed
	jammy	Needed
	mantic	Needed
	noble	Not vulnerable (1:8.2.1+ds-1ubuntu1)
	trusty	Needs triage
	upstream	Released (8.2.0)
	xenial	Needs triage
	Patches: upstream: https://github.com/qemu/qemu/commit/77668e4b9bca03a856c27ba899a2513ddf52bb52

References

https://gist.github.com/1047524396/5ce07b9d387095c276b1cd234ae5615e
https://www.cve.org/CVERecord?id=CVE-2024-24474
NVD
Launchpad
Debian

Bugs

https://gitlab.com/qemu-project/qemu/-/issues/1810

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›