CVE-2024-8612

Publication date 20 September 2024

Last updated 29 October 2025

Ubuntu priority

Cvss 3 Severity Score

Description

A flaw was found in QEMU, in the virtio-scsi, virtio-blk, and virtio-crypto devices. The size for virtqueue_push as set in virtio_scsi_complete_req / virtio_blk_req_complete / virito_crypto_req_complete could be larger than the true size of the data which has been sent to guest. Once virtqueue_push() finally calls dma_memory_unmap to ummap the in_iov, it may call the address_space_write function to write back the data. Some uninitialized data may exist in the bounce.buffer, leading to an information leak.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
qemu	25.10 questing	Vulnerable, fix deferred
	25.04 plucky	Vulnerable, fix deferred
	24.10 oracular	Ignored end of life, was deferred [2025-10-29]
	24.04 LTS noble	Vulnerable, fix deferred
	22.04 LTS jammy	Vulnerable, fix deferred
	20.04 LTS focal	Vulnerable, fix deferred
	18.04 LTS bionic	Vulnerable, fix deferred
	16.04 LTS xenial	Vulnerable, fix deferred
	14.04 LTS trusty	Vulnerable, fix deferred

Notes

mdeslaur

as of 2025-10-29, the commit below only addresses the symptoms but not the root cause, the proper fix is still being discussed: https://lore.kernel.org/qemu-devel/20240926040912-mutt-send-email-mst@kernel.org/

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
qemu	Upstream: 637b0aa

Severity score breakdown

Parameter	Value
Base score	3.8 · Low
Attack vector	Local
Attack complexity	Low
Privileges required	Low
User interaction	None
Scope	Changed
Confidentiality	Low
Integrity impact	None
Availability impact	None
Vector	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N