{"id":"CVE-2024-8612","details":"A flaw was found in QEMU, in the virtio-scsi, virtio-blk, and virtio-crypto devices. The size for virtqueue_push as set in virtio_scsi_complete_req / virtio_blk_req_complete / virito_crypto_req_complete could be larger than the true size of the data which has been sent to guest. Once virtqueue_push() finally calls dma_memory_unmap to ummap the in_iov, it may call the address_space_write function to write back the data. Some uninitialized data may exist in the bounce.buffer, leading to an information leak.","modified":"2026-03-13T14:59:58.725980Z","published":"2024-09-20T18:15:04.743Z","related":["MGASA-2024-0387","SUSE-SU-2024:3744-1","SUSE-SU-2024:3948-1","SUSE-SU-2024:4094-1","SUSE-SU-2024:4304-1","SUSE-SU-2025:0692-1","SUSE-SU-2025:20076-1","openSUSE-SU-2024:14411-1"],"references":[{"type":"WEB","url":"https://access.redhat.com/security/cve/CVE-2024-8612"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20241108-0006/"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2313760"},{"type":"FIX","url":"https://gitlab.com/qemu-project/qemu/-/commit/637b0aa139565cb82a7b9269e62214f87082635c"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://gitlab.com/qemu-project/qemu","events":[{"introduced":"0"},{"fixed":"637b0aa139565cb82a7b9269e62214f87082635c"}]}],"versions":["v0.1.0","v0.1.1","v0.1.3","v0.1.4","v0.1.5","v0.1.6","v0.11.0-rc0","v0.12.0-rc0","v0.13.0-rc0","v0.14.0-rc0","v0.15.0-rc0","v0.2.0","v0.3.0","v0.4.0","v0.4.1","v0.4.2","v0.4.3","v0.4.4","v0.5.0","v1.0","v1.0-rc0","v1.0-rc1","v1.0-rc2","v1.0-rc3","v1.0-rc4","v1.1-rc0","v1.1-rc1","v1.1-rc2","v1.1.0","v1.1.0-rc2","v1.1.0-rc3","v1.1.0-rc4","v1.2.0","v1.2.0-rc0","v1.2.0-rc1","v1.2.0-rc2","v1.2.0-rc3","v1.3.0","v1.3.0-rc0","v1.3.0-rc1","v1.3.0-rc2","v1.4.0","v1.4.0-rc0","v1.4.0-rc1","v1.4.0-rc2","v1.5.0","v1.5.0-rc0","v1.5.0-rc1","v1.5.0-rc2","v1.5.0-rc3","v1.6.0","v1.6.0-rc0","v1.6.0-rc1","v1.6.0-rc2","v1.6.0-rc3","v1.7.0","v1.7.0-rc0","v1.7.0-rc1","v1.7.0-rc2","v2.0.0","v2.0.0-rc0","v2.0.0-rc1","v2.0.0-rc2","v2.0.0-rc3","v2.1.0","v2.1.0-rc0","v2.1.0-rc1","v2.1.0-rc2","v2.1.0-rc3","v2.1.0-rc4","v2.1.0-rc5","v2.10.0","v2.10.0-rc0","v2.10.0-rc1","v2.10.0-rc2","v2.10.0-rc3","v2.10.0-rc4","v2.11.0","v2.11.0-rc0","v2.11.0-rc1","v2.11.0-rc2","v2.11.0-rc3","v2.11.0-rc4","v2.11.0-rc5","v2.12.0","v2.12.0-rc0","v2.12.0-rc1","v2.12.0-rc2","v2.12.0-rc3","v2.12.0-rc4","v2.2.0","v2.2.0-rc0","v2.2.0-rc1","v2.2.0-rc2","v2.2.0-rc3","v2.2.0-rc4","v2.2.0-rc5","v2.3.0","v2.3.0-rc0","v2.3.0-rc1","v2.3.0-rc2","v2.3.0-rc3","v2.3.0-rc4","v2.4.0","v2.4.0-rc0","v2.4.0-rc1","v2.4.0-rc2","v2.4.0-rc3","v2.4.0-rc4","v2.5.0","v2.5.0-rc0","v2.5.0-rc1","v2.5.0-rc2","v2.5.0-rc3","v2.5.0-rc4","v2.6.0","v2.6.0-rc0","v2.6.0-rc1","v2.6.0-rc2","v2.6.0-rc3","v2.6.0-rc4","v2.6.0-rc5","v2.7.0","v2.7.0-rc0","v2.7.0-rc1","v2.7.0-rc2","v2.7.0-rc3","v2.7.0-rc4","v2.7.0-rc5","v2.8.0","v2.8.0-rc0","v2.8.0-rc1","v2.8.0-rc2","v2.8.0-rc3","v2.8.0-rc4","v2.9.0","v2.9.0-rc0","v2.9.0-rc1","v2.9.0-rc2","v2.9.0-rc3","v2.9.0-rc4","v2.9.0-rc5","v3.0.0","v3.0.0-rc0","v3.0.0-rc1","v3.0.0-rc2","v3.0.0-rc3","v3.0.0-rc4","v3.1.0","v3.1.0-rc0","v3.1.0-rc1","v3.1.0-rc2","v3.1.0-rc3","v3.1.0-rc4","v3.1.0-rc5","v4.0.0","v4.0.0-rc0","v4.0.0-rc1","v4.0.0-rc2","v4.0.0-rc3","v4.0.0-rc4","v4.1.0","v4.1.0-rc0","v4.1.0-rc1","v4.1.0-rc2","v4.1.0-rc3","v4.1.0-rc4","v4.1.0-rc5","v4.2.0","v4.2.0-rc0","v4.2.0-rc1","v4.2.0-rc2","v4.2.0-rc3","v4.2.0-rc4","v4.2.0-rc5","v5.0.0","v5.0.0-rc0","v5.0.0-rc1","v5.0.0-rc2","v5.0.0-rc3","v5.0.0-rc4","v5.1.0","v5.1.0-rc0","v5.1.0-rc1","v5.1.0-rc2","v5.1.0-rc3","v5.2.0","v5.2.0-rc0","v5.2.0-rc1","v5.2.0-rc2","v5.2.0-rc3","v5.2.0-rc4","v6.0.0","v6.0.0-rc0","v6.0.0-rc1","v6.0.0-rc2","v6.0.0-rc3","v6.0.0-rc4","v6.0.0-rc5","v6.1.0","v6.1.0-rc0","v6.1.0-rc1","v6.1.0-rc2","v6.1.0-rc3","v6.1.0-rc4","v6.2.0","v6.2.0-rc0","v6.2.0-rc1","v6.2.0-rc3","v6.2.0-rc4","v7.0.0","v7.0.0-rc0","v7.0.0-rc1","v7.0.0-rc2","v7.0.0-rc3","v7.0.0-rc4","v7.1.0","v7.1.0-rc0","v7.1.0-rc1","v7.1.0-rc2","v7.1.0-rc3","v7.1.0-rc4","v7.2.0","v7.2.0-rc0","v7.2.0-rc1","v7.2.0-rc2","v7.2.0-rc3","v7.2.0-rc4","v8.0.0","v8.0.0-rc0","v8.0.0-rc1","v8.0.0-rc2","v8.0.0-rc3","v8.0.0-rc4","v8.1.0","v8.1.0-rc0","v8.1.0-rc1","v8.1.0-rc2","v8.1.0-rc3","v8.1.0-rc4","v8.2.0","v8.2.0-rc0","v8.2.0-rc1","v8.2.0-rc2","v8.2.0-rc3","v8.2.0-rc4","v9.0.0","v9.0.0-rc0","v9.0.0-rc1","v9.0.0-rc2","v9.0.0-rc3","v9.0.0-rc4","v9.1.0","v9.1.0-rc0","v9.1.0-rc1","v9.1.0-rc2","v9.1.0-rc3","v9.1.0-rc4"],"database_specific":{"vanir_signatures":[{"deprecated":false,"id":"CVE-2024-8612-0db0fb30","target":{"file":"system/memory.c","function":"address_space_init"},"signature_type":"Function","digest":{"length":531,"function_hash":"132930612537335779920509481660983398955"},"signature_version":"v1","source":"https://gitlab.com/qemu-project/qemu@637b0aa139565cb82a7b9269e62214f87082635c"},{"deprecated":false,"id":"CVE-2024-8612-119b6fc6","target":{"file":"hw/pci/pci.c","function":"do_pci_register_device"},"signature_type":"Function","digest":{"length":3081,"function_hash":"320345154935702516298476972324358587699"},"signature_version":"v1","source":"https://gitlab.com/qemu-project/qemu@637b0aa139565cb82a7b9269e62214f87082635c"},{"deprecated":false,"id":"CVE-2024-8612-429a0938","target":{"file":"hw/pci/pci.c","function":"pci_device_class_init"},"signature_type":"Function","digest":{"length":234,"function_hash":"90132379395775269302738469515014332753"},"signature_version":"v1","source":"https://gitlab.com/qemu-project/qemu@637b0aa139565cb82a7b9269e62214f87082635c"},{"deprecated":false,"id":"CVE-2024-8612-5b104ca1","target":{"file":"include/exec/memory.h"},"signature_type":"Line","digest":{"line_hashes":["9247625198448316988026293439513667069","34355294354539034258534246361076733963","269259404107293633229143974564984626665","112281185139124980173536780051362086867","118416135963800301147568460821856196267","261676435263660979780647118193871361706","74409668556452770348014777606008771007","111550840252874566376204103575836112849","270894510902669733492531670996929672297","92091661918861599484832527522568904640","179811354238332953369322707277117273863","150791625311113059266033168368281747786","221237929465038685513794967038902424951","254699281943358603113005003423008803400"],"threshold":0.9},"signature_version":"v1","source":"https://gitlab.com/qemu-project/qemu@637b0aa139565cb82a7b9269e62214f87082635c"},{"deprecated":false,"id":"CVE-2024-8612-71378201","target":{"file":"hw/pci/pci.c"},"signature_type":"Line","digest":{"line_hashes":["141825883516723248210674029385510518521","220172297416463810511389149138719816477","253847633574127986466840348962194187587","82571666185059959064006208942608644524","160056858984875153372921408573944415868","331186706496620825781216683163275914390","259127814780485747343071133488836501779","312686064199382546430558232093797160109","51242548077162385187768593948946631967","285969852584277125162423857002746351736","182766543763088569387316739487624139745","75663345385728304372014842006173369137"],"threshold":0.9},"signature_version":"v1","source":"https://gitlab.com/qemu-project/qemu@637b0aa139565cb82a7b9269e62214f87082635c"},{"deprecated":false,"id":"CVE-2024-8612-8842e288","target":{"file":"include/hw/pci/pci_device.h"},"signature_type":"Line","digest":{"line_hashes":["212030065921287719902263664839868799567","307579687214904363735967596015637720273","206553969186879074444317740530121531668","250342487488875541605468948805837122128"],"threshold":0.9},"signature_version":"v1","source":"https://gitlab.com/qemu-project/qemu@637b0aa139565cb82a7b9269e62214f87082635c"},{"deprecated":false,"id":"CVE-2024-8612-95551ed8","target":{"file":"system/physmem.c","function":"address_space_unmap"},"signature_type":"Function","digest":{"length":651,"function_hash":"68709079643065923884344711921947273186"},"signature_version":"v1","source":"https://gitlab.com/qemu-project/qemu@637b0aa139565cb82a7b9269e62214f87082635c"},{"deprecated":false,"id":"CVE-2024-8612-98dddf53","target":{"file":"system/memory.c","function":"do_address_space_destroy"},"signature_type":"Function","digest":{"length":380,"function_hash":"234230482525813921501351488666082312312"},"signature_version":"v1","source":"https://gitlab.com/qemu-project/qemu@637b0aa139565cb82a7b9269e62214f87082635c"},{"deprecated":false,"id":"CVE-2024-8612-a238b53d","target":{"file":"system/physmem.c","function":"address_space_map"},"signature_type":"Function","digest":{"length":1085,"function_hash":"12576596688593351917133816058154942163"},"signature_version":"v1","source":"https://gitlab.com/qemu-project/qemu@637b0aa139565cb82a7b9269e62214f87082635c"},{"deprecated":false,"id":"CVE-2024-8612-d1796dcf","target":{"file":"system/physmem.c","function":"address_space_register_map_client"},"signature_type":"Function","digest":{"length":312,"function_hash":"47867800303015213411039157274273894973"},"signature_version":"v1","source":"https://gitlab.com/qemu-project/qemu@637b0aa139565cb82a7b9269e62214f87082635c"},{"deprecated":false,"id":"CVE-2024-8612-d22874e7","target":{"file":"system/physmem.c"},"signature_type":"Line","digest":{"line_hashes":["298894465517429150866321704508426735647","21154882694414907478638125279634488323","102842955437939774919743584591160289653","141258383194840138565343053354132474747","215680991620797655650374104009206417743","63742450741445510622406100308921073230","301895137409781346728138017252172216294","95189379972826440610452603078708999212","156964213064039327338301715997764562050","99987633925990798692377646094794217945","103975001403268657243789977940996603411","9924770301314948633235884199202408988","260381415762079245741897431451880601681","50092451512305357379270290948353737023","241848321176629765256317312561791754399","318489625226541336255906207663626924956","81394698093417742273669304011750520767","139242118942634174309365145019303088202","30839666397351539774433561603058040300","100279322493261987938740865955000124652","272323005910040705928817098456175258249","48109396530119630227691708761584515236","116367093136805225223875536582907525491","321311610861558722626561043544990984006","34823661942407832399875029457342921617","304677248384851600347160128054438420443","35867084733359447407001751889385940264","264729861947548417191339109249891445962","101988713296757606739906580763603441631","235874405939514805536675323401316591372","233729251347534748566956876900577159936","178756277341809811329516328531728142788","103902905878820799141106754075283468346","37460146646498924500832138270932076760","107551605417117423859040733537986421665","159533587609054828442460515778315548366","329964193503594276884539371665286511253","96683428949817994674902550443741344688","239761995920870992490980415050177261870","233581557902868949923354931258608249217","326256506154850707226606322258762780659","307272735507202142488180191245030076188","296497809946532098467051475710625605365","295333416675705764836621308586421975705","9655958618658473962397410670278683548","25872548868930899479367040984134239827","139517967155330120284836435034799829502","302333635482497358100682498248180202237"],"threshold":0.9},"signature_version":"v1","source":"https://gitlab.com/qemu-project/qemu@637b0aa139565cb82a7b9269e62214f87082635c"},{"deprecated":false,"id":"CVE-2024-8612-fb0ea558","target":{"file":"system/memory.c"},"signature_type":"Line","digest":{"line_hashes":["17559866560389524278308262295873208191","263160772200877472610679543581422586246","208028084269664552147725214183850395517","100011103878814517643735406897278175829","219768647389734577510320317337679597260","16494610825782906147817529312963542354","88799698088586633610654413278450790181","127410071986542291848916480186137483297"],"threshold":0.9},"signature_version":"v1","source":"https://gitlab.com/qemu-project/qemu@637b0aa139565cb82a7b9269e62214f87082635c"}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-8612.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"}]}