CVE-2024-8354

Advisory lineage Upstream: 0 Downstream: 10

Downstream

DEBIAN-CVE-2024-8354 MGASA-2024-0387 SUSE-SU-2024:3744-1 SUSE-SU-2024:3948-1 SUSE-SU-2024:4094-1 SUSE-SU-2024:4304-1

Modified

Published: 19 Sept 2024, 10:45

Last modified:08 Nov 2025, 08:56

Vulnerability Summary

Overall Risk (default)

low

22/100

CVSS Score

5.5 MEDIUM

v3.1 (cve.org)

EPSS Score

0.04% LOW

0% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

19 Sept 2024, 10:45

Published

Vulnerability first disclosed

08 Nov 2025, 08:56

Last Modified

Vulnerability information updated

Description

A flaw was found in QEMU. An assertion failure was present in the usb_ep_get() function in hw/net/core.c when trying to get the USB endpoint from a USB device. This flaw may allow a malicious unprivileged guest user to crash the QEMU process on the host and cause a denial of service condition.

CVSS Metrics

v3.1•MEDIUM•Score: 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Trends

Current EPSS score: 0.04%• Percentile: 14%

Techniques & Countermeasures

CWE-617•Reachable Assertion
The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

Affected Systems

qemu•qemu
na
redhat•enterprise_linux
6.0 | 7.0 | 8.0 | 9.0