Vulnerability CVE-2024-26328: Information

Description

An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vfs in hw/pci/pcie_sriov.c does not set NumVFs to PCI_SRIOV_TOTAL_VF, and thus interaction with hw/nvme/ctrl.c is mishandled.

URL: https://nvd.nist.gov/vuln/detail/CVE-2024-26328
Published: Feb. 19, 2024
Modified: April 19, 2024

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
qemusisyphus8.2.2-alt18.2.3-alt1ALT-PU-2024-6223-1344679Fixed
qemusisyphus_loongarch648.2.2-alt18.2.3-alt1ALT-PU-2024-6744-1-Fixed
qemup108.2.2-alt0.p108.2.2-alt0.p10.1ALT-PU-2024-6235-3344683Fixed
qemuc10f18.2.2-alt0.p10.18.2.2-alt0.p10.1ALT-PU-2024-7201-3345913Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://lore.kernel.org/all/20240213055345-mutt-send-email-mst%40kernel.org/
    https://security.netapp.com/advisory/ntap-20240419-0010/
      VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
      Version: v24.5.1
      Back to top