CVE-2024-3567

Public Exploit

Qemu-kvm: net: assertion failure in update_sctp_checksum()

Description

A flaw was found in QEMU. An assertion failure was present in the update_sctp_checksum() function in hw/net/net_tx_pkt.c when trying to calculate the checksum of a short-sized fragmented packet. This flaw allows a malicious guest to crash QEMU and cause a denial of service condition.

References

Link	Tags
https://access.redhat.com/errata/RHSA-2025:4492	vendor advisory
https://access.redhat.com/security/cve/CVE-2024-3567	vdb entry vendor advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2274339	issue tracking
https://gitlab.com/qemu-project/qemu/-/issues/2273	issue tracking exploit
https://security.netapp.com/advisory/ntap-20240822-0007/

Frequently Asked Questions

What is the severity of CVE-2024-3567?: CVE-2024-3567 has been scored as a medium severity vulnerability.
How to fix CVE-2024-3567?: To fix CVE-2024-3567, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-3567 being actively exploited in the wild?: It is possible that CVE-2024-3567 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-3567?: CVE-2024-3567 affects Red Hat Red Hat Enterprise Linux 9, Red Hat Red Hat Enterprise Linux 6, Red Hat Red Hat Enterprise Linux 7, Red Hat Red Hat Enterprise Linux 7, Red Hat Red Hat Enterprise Linux 8, Red Hat Red Hat Enterprise Linux 8 Advanced Virtualization.

Description

Category

CWE-617 – Reachable Assertion

References

Frequently Asked Questions