A heap-based buffer overflow was found in the SDHCI...
Moderate severity
Unreviewed
Published
Nov 14, 2024
to the GitHub Advisory Database
•
Updated Nov 14, 2024
Description
Published by the National Vulnerability Database
Nov 14, 2024
Published to the GitHub Advisory Database
Nov 14, 2024
Last updated
Nov 14, 2024
A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. The bug is triggered when both
s->data_count
and the size ofs->fifo_buffer
are set to 0x200, leading to an out-of-bound access. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.References