Unrated severityNVD Advisory· Published Feb 19, 2024· Updated Aug 2, 2024

CVE-2024-26327

Description

An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vfs in hw/pci/pcie_sriov.c mishandles the situation where a guest writes NumVFs greater than TotalVFs, leading to a buffer overflow in VF implementations.

Affected products

QEMU/QEMUdescription
osv-coords25 versions
pkg:rpm/almalinux/qemu-guest-agent pkg:rpm/almalinux/qemu-img pkg:rpm/almalinux/qemu-kvm pkg:rpm/almalinux/qemu-kvm-audio-pa pkg:rpm/almalinux/qemu-kvm-block-blkio pkg:rpm/almalinux/qemu-kvm-block-curl pkg:rpm/almalinux/qemu-kvm-block-rbd pkg:rpm/almalinux/qemu-kvm-common pkg:rpm/almalinux/qemu-kvm-core pkg:rpm/almalinux/qemu-kvm-device-display-virtio-gpu pkg:rpm/almalinux/qemu-kvm-device-display-virtio-gpu-ccw pkg:rpm/almalinux/qemu-kvm-device-display-virtio-gpu-pci pkg:rpm/almalinux/qemu-kvm-device-display-virtio-vga pkg:rpm/almalinux/qemu-kvm-device-usb-host pkg:rpm/almalinux/qemu-kvm-device-usb-redirect pkg:rpm/almalinux/qemu-kvm-docs pkg:rpm/almalinux/qemu-kvm-tools pkg:rpm/almalinux/qemu-kvm-ui-egl-headless pkg:rpm/almalinux/qemu-kvm-ui-opengl pkg:rpm/almalinux/qemu-pr-helper pkg:rpm/opensuse/qemu&distro=openSUSE%20Leap%2015.5 pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Micro%205.5 pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5 pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP5 pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP5
< 17:9.0.0-10.el9_5+ 24 more
- (no CPE)range: < 17:9.0.0-10.el9_5
- (no CPE)range: < 17:9.0.0-10.el9_5
- (no CPE)range: < 17:9.0.0-10.el9_5
- (no CPE)range: < 17:9.0.0-10.el9_5
- (no CPE)range: < 17:9.0.0-10.el9_5
- (no CPE)range: < 17:9.0.0-10.el9_5
- (no CPE)range: < 17:9.0.0-10.el9_5
- (no CPE)range: < 17:9.0.0-10.el9_5
- (no CPE)range: < 17:9.0.0-10.el9_5
- (no CPE)range: < 17:9.0.0-10.el9_5
- (no CPE)range: < 17:9.0.0-10.el9_5
- (no CPE)range: < 17:9.0.0-10.el9_5
- (no CPE)range: < 17:9.0.0-10.el9_5
- (no CPE)range: < 17:9.0.0-10.el9_5
- (no CPE)range: < 17:9.0.0-10.el9_5
- (no CPE)range: < 17:9.0.0-10.el9_5
- (no CPE)range: < 17:9.0.0-10.el9_5
- (no CPE)range: < 17:9.0.0-10.el9_5
- (no CPE)range: < 17:9.0.0-10.el9_5
- (no CPE)range: < 17:9.0.0-10.el9_5
- (no CPE)range: < 7.1.0-150500.49.12.1
- (no CPE)range: < 7.1.0-150500.49.12.1
- (no CPE)range: < 7.1.0-150500.49.12.1
- (no CPE)range: < 7.1.0-150500.49.12.1
- (no CPE)range: < 7.1.0-150500.49.12.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000