{"id":"AZL-60901","summary":"CVE-2024-3447 affecting package qemu for versions less than 8.2.0-16","details":"A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. The bug is triggered when both `s-\u003edata_count` and the size of `s-\u003efifo_buffer` are set to 0x200, leading to an out-of-bounds access. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.","modified":"2026-04-01T05:19:41.045057Z","published":"2024-11-14T12:15:17Z","upstream":["CVE-2024-3447"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-3447"}],"affected":[{"package":{"name":"qemu","ecosystem":"Azure Linux:3","purl":"pkg:rpm/azure-linux/qemu"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.2.0-16"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-60901.json"}}],"schema_version":"1.7.5"}