Vulnerabilities > CVE-2024-3567

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

qemu

redhat

NVD

Published: 2024-04-10

Updated: 2024-11-21

Summary

A flaw was found in QEMU. An assertion failure was present in the update_sctp_checksum() function in hw/net/net_tx_pkt.c when trying to calculate the checksum of a short-sized fragmented packet. This flaw allows a malicious guest to crash QEMU and cause a denial of service condition.

Vulnerable Configurations

Part	Description	Count
Application	Qemu Qemu Qemu 8.1.0 Qemu Qemu 8.1.1 Qemu Qemu 8.1.2 Qemu Qemu 8.2.0 Qemu Qemu 8.2.1 Qemu Qemu 9.0.0	13
OS	Redhat Redhat Enterprise Linux 9.0	1

References

https://access.redhat.com/security/cve/CVE-2024-3567
https://access.redhat.com/security/cve/CVE-2024-3567
https://bugzilla.redhat.com/show_bug.cgi?id=2274339
https://bugzilla.redhat.com/show_bug.cgi?id=2274339
https://gitlab.com/qemu-project/qemu/-/issues/2273
https://gitlab.com/qemu-project/qemu/-/issues/2273
https://security.netapp.com/advisory/ntap-20240822-0007/

Vulnerabilities > CVE-2024-3567 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2024-3567"}]}

Summary

Vulnerable Configurations

References

Vulnerabilities > CVE-2024-3567