Unrated severityNVD Advisory· Published Feb 19, 2024· Updated Nov 6, 2024

CVE-2024-26328

Description

An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vfs in hw/pci/pcie_sriov.c does not set NumVFs to PCI_SRIOV_TOTAL_VF, and thus interaction with hw/nvme/ctrl.c is mishandled.

Affected products

QEMU/QEMUdescription
osv-coords7 versions
pkg:rpm/opensuse/qemu&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/qemu&distro=openSUSE%20Tumbleweed pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Micro%205.5 pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5 pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP5 pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP5 pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Micro%206.0
< 7.1.0-150500.49.12.1+ 6 more
- (no CPE)range: < 7.1.0-150500.49.12.1
- (no CPE)range: < 8.2.2-2.1
- (no CPE)range: < 7.1.0-150500.49.12.1
- (no CPE)range: < 7.1.0-150500.49.12.1
- (no CPE)range: < 7.1.0-150500.49.12.1
- (no CPE)range: < 7.1.0-150500.49.12.1
- (no CPE)range: < 8.2.5-1.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000