CVE-2024-3567

Advisory lineage Upstream: 0 Downstream: 6

Downstream

DEBIAN-CVE-2024-3567 OPENSUSE-SU-2024:13876-1 RHSA-2025:4492 SUSE-SU-2025:20011-1 UBUNTU-CVE-2024-3567 USN-7744-1

Modified

Published: 10 Apr 2024, 14:32

Last modified:08 Nov 2025, 06:49

Vulnerability Summary

Overall Risk (default)

medium

32/100

CVSS Score

5.5 MEDIUM

v3.1 (cve.org)

EPSS Score

0.1% LOW

0% probability +0.02%

KEV

Not listed

Ransomware

No reports

Public exploits

1 found

Dark Web

Not detected

Timeline

10 Apr 2024, 14:32

Published

Vulnerability first disclosed

08 Nov 2025, 06:49

Last Modified

Vulnerability information updated

Description

A flaw was found in QEMU. An assertion failure was present in the update_sctp_checksum() function in hw/net/net_tx_pkt.c when trying to calculate the checksum of a short-sized fragmented packet. This flaw allows a malicious guest to crash QEMU and cause a denial of service condition.

CVSS Metrics

v3.1•MEDIUM•Score: 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Trends

Current EPSS score: 0.10%• Percentile: 27%

Techniques & Countermeasures

CWE-617•Reachable Assertion
The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

Affected Systems

qemu•qemu
≥ 8.1.0, < 8.2.3 | 9.0.0:rc0 | 9.0.0:rc1 | 9.0.0:rc2
redhat•enterprise_linux
9.0