cvelistv5 - cve-2024-6519

CVE-2024-6519 (GCVE-0-2024-6519)

Vulnerability from cvelistv5 – Published: 2024-10-21 14:36 – Updated: 2024-10-21 15:49

Summary

A use-after-free vulnerability was found in the QEMU LSI53C895A SCSI Host Bus Adapter emulation. This issue can lead to a crash or VM escape.

Severity ?

8.2 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CWE

CWE-416 - Use After Free

Assigner

fedora

References

URL

Tags

	https://access.redhat.com/security/cve/CVE-2024-6519	vdb-entryx_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2292089	issue-trackingx_refsource_REDHAT
	https://www.zerodayinitiative.com/advisories/ZDI-…

Impacted products

Vendor

Product

Version

Red Hat	Red Hat Enterprise Linux 6	cpe:/o:redhat:enterprise_linux:6
Red Hat	Red Hat Enterprise Linux 7	cpe:/o:redhat:enterprise_linux:7
Red Hat	Red Hat Enterprise Linux 7	cpe:/o:redhat:enterprise_linux:7
Red Hat	Red Hat Enterprise Linux 8	cpe:/o:redhat:enterprise_linux:8
Red Hat	Red Hat Enterprise Linux 8 Advanced Virtualization	cpe:/a:redhat:advanced_virtualization:8::el8
Red Hat	Red Hat Enterprise Linux 9	cpe:/o:redhat:enterprise_linux:9

Credits

Red Hat would like to thank Cyrille Chatras (Trend Micro Zero Day Initiative) for reporting this issue.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-6519",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-21T15:49:12.959240Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-21T15:49:23.239Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/qemu/qemu",
          "defaultStatus": "affected",
          "packageName": "qemu"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unaffected",
          "packageName": "qemu-kvm",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unaffected",
          "packageName": "qemu-kvm",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unaffected",
          "packageName": "qemu-kvm-ma",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "unaffected",
          "packageName": "virt:rhel/qemu-kvm",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:advanced_virtualization:8::el8"
          ],
          "defaultStatus": "unaffected",
          "packageName": "virt:av/qemu-kvm",
          "product": "Red Hat Enterprise Linux 8 Advanced Virtualization",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "unaffected",
          "packageName": "qemu-kvm",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Cyrille Chatras (Trend Micro Zero Day Initiative) for reporting this issue."
        }
      ],
      "datePublic": "2024-10-10T00:00:00+00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A use-after-free vulnerability was found in the QEMU LSI53C895A SCSI Host Bus Adapter emulation. This issue can lead to a crash or VM escape."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Important"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "Use After Free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-21T14:36:40.115Z",
        "orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
        "shortName": "fedora"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2024-6519"
        },
        {
          "name": "RHBZ#2292089",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2292089"
        },
        {
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1382/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-06-12T00:00:00+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2024-10-10T00:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Qemu: scsi: lsi53c895a: use-after-free local privilege escalation vulnerability",
      "x_redhatCweChain": "CWE-416: Use After Free"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
    "assignerShortName": "fedora",
    "cveId": "CVE-2024-6519",
    "datePublished": "2024-10-21T14:36:40.115Z",
    "dateReserved": "2024-07-04T19:12:32.075Z",
    "dateUpdated": "2024-10-21T15:49:23.239Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A use-after-free vulnerability was found in the QEMU LSI53C895A SCSI Host Bus Adapter emulation. This issue can lead to a crash or VM escape.\"}, {\"lang\": \"es\", \"value\": \"Se encontr\\u00f3 una vulnerabilidad de use after free en la emulaci\\u00f3n del adaptador de bus host SCSI QEMU LSI53C895A. Este problema puede provocar un bloqueo o un escape de la m\\u00e1quina virtual.\"}]",
      "id": "CVE-2024-6519",
      "lastModified": "2024-10-21T17:09:45.417",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"patrick@puiterwijk.org\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\", \"baseScore\": 8.2, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.5, \"impactScore\": 6.0}]}",
      "published": "2024-10-21T15:15:03.727",
      "references": "[{\"url\": \"https://access.redhat.com/security/cve/CVE-2024-6519\", \"source\": \"patrick@puiterwijk.org\"}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2292089\", \"source\": \"patrick@puiterwijk.org\"}, {\"url\": \"https://www.zerodayinitiative.com/advisories/ZDI-24-1382/\", \"source\": \"patrick@puiterwijk.org\"}]",
      "sourceIdentifier": "patrick@puiterwijk.org",
      "vulnStatus": "Undergoing Analysis",
      "weaknesses": "[{\"source\": \"patrick@puiterwijk.org\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-416\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-6519\",\"sourceIdentifier\":\"patrick@puiterwijk.org\",\"published\":\"2024-10-21T15:15:03.727\",\"lastModified\":\"2025-08-08T16:13:16.730\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A use-after-free vulnerability was found in the QEMU LSI53C895A SCSI Host Bus Adapter emulation. This issue can lead to a crash or VM escape.\"},{\"lang\":\"es\",\"value\":\"Se encontr\u00f3 una vulnerabilidad de use after free en la emulaci\u00f3n del adaptador de bus host SCSI QEMU LSI53C895A. Este problema puede provocar un bloqueo o un escape de la m\u00e1quina virtual.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"patrick@puiterwijk.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":8.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.5,\"impactScore\":6.0}]},\"weaknesses\":[{\"source\":\"patrick@puiterwijk.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D9E0C78-9678-4CEE-9389-962CF618A51F\"}]}]}],\"references\":[{\"url\":\"https://access.redhat.com/security/cve/CVE-2024-6519\",\"source\":\"patrick@puiterwijk.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2292089\",\"source\":\"patrick@puiterwijk.org\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://www.zerodayinitiative.com/advisories/ZDI-24-1382/\",\"source\":\"patrick@puiterwijk.org\",\"tags\":[\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-6519\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-21T15:49:12.959240Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-21T15:49:19.478Z\"}}], \"cna\": {\"title\": \"Qemu: scsi: lsi53c895a: use-after-free local privilege escalation vulnerability\", \"credits\": [{\"lang\": \"en\", \"value\": \"Red Hat would like to thank Cyrille Chatras (Trend Micro Zero Day Initiative) for reporting this issue.\"}], \"metrics\": [{\"other\": {\"type\": \"Red Hat severity rating\", \"content\": {\"value\": \"Important\", \"namespace\": \"https://access.redhat.com/security/updates/classification/\"}}}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 8.2, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"packageName\": \"qemu\", \"collectionURL\": \"https://github.com/qemu/qemu\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:6\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 6\", \"packageName\": \"qemu-kvm\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 7\", \"packageName\": \"qemu-kvm\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 7\", \"packageName\": \"qemu-kvm-ma\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8\", \"packageName\": \"virt:rhel/qemu-kvm\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:advanced_virtualization:8::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8 Advanced Virtualization\", \"packageName\": \"virt:av/qemu-kvm\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9\", \"packageName\": \"qemu-kvm\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unaffected\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2024-06-12T00:00:00+00:00\", \"value\": \"Reported to Red Hat.\"}, {\"lang\": \"en\", \"time\": \"2024-10-10T00:00:00+00:00\", \"value\": \"Made public.\"}], \"datePublic\": \"2024-10-10T00:00:00+00:00\", \"references\": [{\"url\": \"https://access.redhat.com/security/cve/CVE-2024-6519\", \"tags\": [\"vdb-entry\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2292089\", \"name\": \"RHBZ#2292089\", \"tags\": [\"issue-tracking\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://www.zerodayinitiative.com/advisories/ZDI-24-1382/\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A use-after-free vulnerability was found in the QEMU LSI53C895A SCSI Host Bus Adapter emulation. This issue can lead to a crash or VM escape.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-416\", \"description\": \"Use After Free\"}]}], \"providerMetadata\": {\"orgId\": \"92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5\", \"shortName\": \"fedora\", \"dateUpdated\": \"2024-10-21T14:36:40.115Z\"}, \"x_redhatCweChain\": \"CWE-416: Use After Free\"}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-6519\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-21T15:49:23.239Z\", \"dateReserved\": \"2024-07-04T19:12:32.075Z\", \"assignerOrgId\": \"92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5\", \"datePublished\": \"2024-10-21T14:36:40.115Z\", \"assignerShortName\": \"fedora\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GHSA-V9PM-V9P5-H96X

Vulnerability from github – Published: 2024-10-21 15:32 – Updated: 2024-10-21 15:32

Details

A use-after-free vulnerability was found in the QEMU LSI53C895A SCSI Host Bus Adapter emulation. This issue can lead to a crash or VM escape.

Severity ?

8.2 (High)


                  
                    CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-6519"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-21T15:15:03Z",
    "severity": "HIGH"
  },
  "details": "A use-after-free vulnerability was found in the QEMU LSI53C895A SCSI Host Bus Adapter emulation. This issue can lead to a crash or VM escape.",
  "id": "GHSA-v9pm-v9p5-h96x",
  "modified": "2024-10-21T15:32:27Z",
  "published": "2024-10-21T15:32:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6519"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2024-6519"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2292089"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1382"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2024-6519

Vulnerability from fkie_nvd - Published: 2024-10-21 15:15 - Updated: 2025-08-08 16:13

Severity ?

8.2 (High) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Summary

A use-after-free vulnerability was found in the QEMU LSI53C895A SCSI Host Bus Adapter emulation. This issue can lead to a crash or VM escape.

References

URL	Tags
patrick@puiterwijk.org	https://access.redhat.com/security/cve/CVE-2024-6519	Third Party Advisory
patrick@puiterwijk.org	https://bugzilla.redhat.com/show_bug.cgi?id=2292089	Issue Tracking, Third Party Advisory
patrick@puiterwijk.org	https://www.zerodayinitiative.com/advisories/ZDI-24-1382/	Third Party Advisory

Impacted products

	Vendor	Product	Version
	qemu	qemu	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:qemu:qemu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D9E0C78-9678-4CEE-9389-962CF618A51F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A use-after-free vulnerability was found in the QEMU LSI53C895A SCSI Host Bus Adapter emulation. This issue can lead to a crash or VM escape."
    },
    {
      "lang": "es",
      "value": "Se encontr\u00f3 una vulnerabilidad de use after free en la emulaci\u00f3n del adaptador de bus host SCSI QEMU LSI53C895A. Este problema puede provocar un bloqueo o un escape de la m\u00e1quina virtual."
    }
  ],
  "id": "CVE-2024-6519",
  "lastModified": "2025-08-08T16:13:16.730",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 8.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.5,
        "impactScore": 6.0,
        "source": "patrick@puiterwijk.org",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-10-21T15:15:03.727",
  "references": [
    {
      "source": "patrick@puiterwijk.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/security/cve/CVE-2024-6519"
    },
    {
      "source": "patrick@puiterwijk.org",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2292089"
    },
    {
      "source": "patrick@puiterwijk.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1382/"
    }
  ],
  "sourceIdentifier": "patrick@puiterwijk.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-416"
        }
      ],
      "source": "patrick@puiterwijk.org",
      "type": "Secondary"
    }
  ]
}

CNVD-2024-44506

Vulnerability from cnvd - Published: 2024-11-06

Title

QEMU资源管理错误漏洞（CNVD-2024-44506）

Description

QEMU（Quick Emulator）是一套模拟处理器软件。该软件具有速度快、跨平台等特点。 QEMU存在安全漏洞，该漏洞源于存在释放后重用漏洞，会导致崩溃或虚拟机逃逸。攻击者可以利用该漏洞造成信息泄露。

Severity

中

Formal description

厂商尚未提供漏洞修复方案，请关注厂商主页更新： https://www.qemu.org

Reference

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6519

Impacted products

Name
Qemu QEMU

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2024-6519",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2024-6519"
    }
  },
  "description": "QEMU\uff08Quick Emulator\uff09\u662f\u4e00\u5957\u6a21\u62df\u5904\u7406\u5668\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u5177\u6709\u901f\u5ea6\u5feb\u3001\u8de8\u5e73\u53f0\u7b49\u7279\u70b9\u3002\n\nQEMU\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5b58\u5728\u91ca\u653e\u540e\u91cd\u7528\u6f0f\u6d1e\uff0c\u4f1a\u5bfc\u81f4\u5d29\u6e83\u6216\u865a\u62df\u673a\u9003\u9038\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u4fe1\u606f\u6cc4\u9732\u3002",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttps://www.qemu.org",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2024-44506",
  "openTime": "2024-11-06",
  "products": {
    "product": "Qemu QEMU"
  },
  "referenceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6519",
  "serverity": "\u4e2d",
  "submitTime": "2024-11-05",
  "title": "QEMU\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\uff08CNVD-2024-44506\uff09"
}

WID-SEC-W-2024-3155

Vulnerability from csaf_certbund - Published: 2024-10-13 22:00 - Updated: 2025-02-04 23:00

Summary

QEMU: Schwachstelle ermöglicht Privilegieneskalation oder DoS

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

QEMU ist eine freie Virtualisierungssoftware, die die gesamte Hardware eines Computers emuliert.

Angriff

Ein lokaler Angreifer kann eine Schwachstelle in QEMU ausnutzen, um seine Privilegien zu erhöhen oder eine Denial-of-Service-Situation zu erzeugen.

Betroffene Betriebssysteme

- Linux

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "QEMU ist eine freie Virtualisierungssoftware, die die gesamte Hardware eines Computers emuliert.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann eine Schwachstelle in QEMU ausnutzen, um seine Privilegien zu erh\u00f6hen oder eine Denial-of-Service-Situation zu erzeugen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-3155 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3155.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-3155 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3155"
      },
      {
        "category": "external",
        "summary": "RedHat Customer Portal vom 2024-10-13",
        "url": "https://access.redhat.com/security/cve/cve-2024-6519"
      },
      {
        "category": "external",
        "summary": "Red Hat Bugzilla vom 2024-10-13",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2292089"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS-2025-2742 vom 2025-02-04",
        "url": "https://alas.aws.amazon.com/AL2/ALAS-2025-2742.html"
      }
    ],
    "source_lang": "en-US",
    "title": "QEMU: Schwachstelle erm\u00f6glicht Privilegieneskalation oder DoS",
    "tracking": {
      "current_release_date": "2025-02-04T23:00:00.000+00:00",
      "generator": {
        "date": "2025-02-05T09:41:13.995+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.10"
        }
      },
      "id": "WID-SEC-W-2024-3155",
      "initial_release_date": "2024-10-13T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-10-13T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-02-04T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Amazon aufgenommen"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Amazon Linux 2",
            "product": {
              "name": "Amazon Linux 2",
              "product_id": "398363",
              "product_identification_helper": {
                "cpe": "cpe:/o:amazon:linux_2:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Amazon"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "LSI53C895A SCSI Host Bus Adapter",
                "product": {
                  "name": "Open Source QEMU LSI53C895A SCSI Host Bus Adapter",
                  "product_id": "T038290",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:qemu:qemu:lsi53c895a_scsi_host_bus_adapter"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "QEMU"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-6519",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in QEMU. Dieser Fehler existiert wegen eines Use-after-free-Problems in der LSI53C895A SCSI Host Bus Adapter-Emulation. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder aus der virtuellen Umgebung zu entkommen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T038290",
          "398363"
        ]
      },
      "release_date": "2024-10-13T22:00:00.000+00:00",
      "title": "CVE-2024-6519"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-6519 (GCVE-0-2024-6519)

GHSA-V9PM-V9P5-H96X

FKIE_CVE-2024-6519

CNVD-2024-44506

WID-SEC-W-2024-3155

Tags

Sightings

Nomenclature