{"id":"AZL-60196","summary":"CVE-2024-3447 affecting package qemu for versions less than 6.2.0-24","details":"A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. The bug is triggered when both `s-\u003edata_count` and the size of `s-\u003efifo_buffer` are set to 0x200, leading to an out-of-bounds access. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial-of-service condition.","modified":"2026-04-01T05:19:52.580465Z","published":"2024-11-14T12:15:17Z","upstream":["CVE-2024-3447"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-3447"}],"affected":[{"package":{"name":"qemu","ecosystem":"Azure Linux:2","purl":"pkg:rpm/azure-linux/qemu"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.2.0-24"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-60196.json"}}],"schema_version":"1.7.5"}