vulnerability
Red Hat: CVE-2024-26327: QEMU: SR-IOV: improper validation of NumVFs leads to buffer overflow (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:L/AC:L/Au:S/C:N/I:N/A:C) | Feb 19, 2024 | Nov 13, 2024 | May 12, 2025 |
Severity
5
CVSS
(AV:L/AC:L/Au:S/C:N/I:N/A:C)
Published
Feb 19, 2024
Added
Nov 13, 2024
Modified
May 12, 2025
Description
An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vfs in hw/pci/pcie_sriov.c mishandles the situation where a guest writes NumVFs greater than TotalVFs, leading to a buffer overflow in VF implementations.
Solution(s)
redhat-upgrade-qemu-guest-agentredhat-upgrade-qemu-guest-agent-debuginforedhat-upgrade-qemu-imgredhat-upgrade-qemu-img-debuginforedhat-upgrade-qemu-kvmredhat-upgrade-qemu-kvm-audio-dbus-debuginforedhat-upgrade-qemu-kvm-audio-paredhat-upgrade-qemu-kvm-audio-pa-debuginforedhat-upgrade-qemu-kvm-block-blkioredhat-upgrade-qemu-kvm-block-blkio-debuginforedhat-upgrade-qemu-kvm-block-curlredhat-upgrade-qemu-kvm-block-curl-debuginforedhat-upgrade-qemu-kvm-block-rbdredhat-upgrade-qemu-kvm-block-rbd-debuginforedhat-upgrade-qemu-kvm-commonredhat-upgrade-qemu-kvm-common-debuginforedhat-upgrade-qemu-kvm-coreredhat-upgrade-qemu-kvm-core-debuginforedhat-upgrade-qemu-kvm-debuginforedhat-upgrade-qemu-kvm-debugsourceredhat-upgrade-qemu-kvm-device-display-virtio-gpuredhat-upgrade-qemu-kvm-device-display-virtio-gpu-ccwredhat-upgrade-qemu-kvm-device-display-virtio-gpu-ccw-debuginforedhat-upgrade-qemu-kvm-device-display-virtio-gpu-debuginforedhat-upgrade-qemu-kvm-device-display-virtio-gpu-pciredhat-upgrade-qemu-kvm-device-display-virtio-gpu-pci-debuginforedhat-upgrade-qemu-kvm-device-display-virtio-vgaredhat-upgrade-qemu-kvm-device-display-virtio-vga-debuginforedhat-upgrade-qemu-kvm-device-usb-hostredhat-upgrade-qemu-kvm-device-usb-host-debuginforedhat-upgrade-qemu-kvm-device-usb-redirectredhat-upgrade-qemu-kvm-device-usb-redirect-debuginforedhat-upgrade-qemu-kvm-docsredhat-upgrade-qemu-kvm-tests-debuginforedhat-upgrade-qemu-kvm-toolsredhat-upgrade-qemu-kvm-tools-debuginforedhat-upgrade-qemu-kvm-ui-dbus-debuginforedhat-upgrade-qemu-kvm-ui-egl-headlessredhat-upgrade-qemu-kvm-ui-egl-headless-debuginforedhat-upgrade-qemu-kvm-ui-openglredhat-upgrade-qemu-kvm-ui-opengl-debuginforedhat-upgrade-qemu-pr-helperredhat-upgrade-qemu-pr-helper-debuginfo
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.