Vulnerabilities > CVE-2024-3567 - Reachable Assertion vulnerability in multiple products

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

qemu

redhat

CWE-617

NVD

Published: 2024-04-10

Updated: 2024-06-10

Summary

A flaw was found in QEMU. An assertion failure was present in the update_sctp_checksum() function in hw/net/net_tx_pkt.c when trying to calculate the checksum of a short-sized fragmented packet. This flaw allows a malicious guest to crash QEMU and cause a denial of service condition.

Vulnerable Configurations

Part	Description	Count
Application	Qemu Qemu Qemu 8.1.0 Qemu Qemu 8.1.1 Qemu Qemu 8.1.2 Qemu Qemu 8.2.0 Qemu Qemu 8.2.1 Qemu Qemu 9.0.0	13
OS	Redhat Redhat Enterprise Linux 9.0	1

Common Weakness Enumeration (CWE)

CWE-617 - Reachable Assertion

References

https://access.redhat.com/security/cve/CVE-2024-3567
https://bugzilla.redhat.com/show_bug.cgi?id=2274339
https://gitlab.com/qemu-project/qemu/-/issues/2273