{"id":"CVE-2024-3447","details":"A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. The bug is triggered when both `s-\u003edata_count` and the size of  `s-\u003efifo_buffer` are set to 0x200, leading to an out-of-bound access. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.","modified":"2026-04-16T00:03:25.774875462Z","published":"2024-11-14T12:15:17.743Z","related":["SUSE-SU-2024:1394-1","SUSE-SU-2024:1438-1","SUSE-SU-2024:1438-2","SUSE-SU-2024:3229-1","SUSE-SU-2025:0692-1","SUSE-SU-2025:20011-1","openSUSE-SU-2024:13876-1"],"references":[{"type":"WEB","url":"https://patchew.org/QEMU/20240404085549.16987-1-philmd@linaro.org/"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/04/msg00042.html"},{"type":"ADVISORY","url":"https://access.redhat.com/security/cve/CVE-2024-3447"},{"type":"ADVISORY","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2274123"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20250425-0005/"},{"type":"REPORT","url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=58813"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2274123"},{"type":"EVIDENCE","url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=58813"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/qemu/qemu","events":[{"introduced":"0"},{"fixed":"c6fe0f315cfac9739c8d57ffa05c9c22d7ebd2cb"},{"introduced":"c1eb2ddf0f8075faddc5f7c3d39feae3e8e9d6b4"},{"fixed":"8216663a5c88968a62f67e4aa80807167efceb8d"}]}],"versions":["v8.0.0","v8.1.0","v8.1.0-rc0","v8.1.0-rc1","v8.1.0-rc2","v8.1.0-rc3","v8.1.0-rc4","v8.2.0","v8.2.0-rc0","v8.2.0-rc1","v8.2.0-rc2","v8.2.0-rc3","v8.2.0-rc4","v8.2.1","v8.2.2"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-3447.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H"}]}