CVE-2024-24474 – This CVE describes an integer underflow and buf... (How to Fix)

Q: What is the severity of CVE-2024-24474?

CVE-2024-24474 has a CVSS score of 8.8 (HIGH). This CVE describes an integer underflow and buffer overflow vulnerability in QEMU's SCSI emulation (esp.c). Attackers can exploit this to execute arbitrary code or cause denial-of-service on the QEMU host system. Affected users include anyone running vulnerable QEMU versions with SCSI device emulation enabled.

📋 TL;DR

This CVE describes an integer underflow and buffer overflow vulnerability in QEMU's SCSI emulation (esp.c). Attackers can exploit this to execute arbitrary code or cause denial-of-service on the QEMU host system. Affected users include anyone running vulnerable QEMU versions with SCSI device emulation enabled.

💻 Affected Systems

Products:

QEMU

Versions: All versions before 8.2.0

Operating Systems: Linux, Windows, macOS - any OS running QEMU

Default Config Vulnerable: ✅ No

Notes: Only vulnerable when SCSI device emulation is enabled (esp device). Many QEMU configurations don't use SCSI by default.

📦 What is this software?

Qemu by Qemu

View all CVEs affecting Qemu →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full host compromise via arbitrary code execution on the QEMU hypervisor, potentially leading to escape from guest VM to host system.

🟠

Likely Case

Denial-of-service (QEMU process crash) or limited information disclosure from host memory.

🟢

If Mitigated

If proper network segmentation and access controls are in place, impact is limited to the specific QEMU instance and potentially adjacent VMs on same host.

🌐 Internet-Facing: MEDIUM - QEMU instances with SCSI emulation exposed to untrusted networks could be exploited remotely if guest VMs are compromised.

🏢 Internal Only: HIGH - In virtualized environments, compromised guest VMs could exploit this to attack the hypervisor or other VMs on same host.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires access to a guest VM with ability to send SCSI commands. Public PoC exists in references.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: QEMU 8.2.0 and later

Vendor Advisory: https://gitlab.com/qemu-project/qemu/-/issues/1810

Restart Required: Yes

Instructions:

1. Update QEMU to version 8.2.0 or later. 2. Stop all QEMU instances. 3. Install updated package from your distribution's repository or compile from source. 4. Restart QEMU instances.

🔧 Temporary Workarounds

Disable SCSI emulation

all

Remove or disable ESP SCSI controller from QEMU configurations

Check QEMU command line or config files for '-device esp' or similar SCSI device options and remove them

Network segmentation

all

Isolate QEMU hosts from critical networks and implement strict access controls

🧯 If You Can't Patch

Disable SCSI device emulation in all QEMU configurations
Implement strict network segmentation and monitor for unusual SCSI command patterns

🔍 How to Verify

Check if Vulnerable:

Check QEMU version with 'qemu-system-x86_64 --version' or equivalent for your architecture. If version is below 8.2.0 and SCSI emulation is enabled, system is vulnerable.

Check Version:

qemu-system-x86_64 --version | head -1

Verify Fix Applied:

Verify QEMU version is 8.2.0 or later with 'qemu-system-x86_64 --version' and confirm no SCSI devices are configured unless necessary.

📡 Detection & Monitoring

Log Indicators:

QEMU process crashes
Kernel logs showing segmentation faults in QEMU
Unusual SCSI command patterns in QEMU logs

Network Indicators:

Unexpected SCSI command traffic to/from QEMU hosts

SIEM Query:

process_name:"qemu-system" AND (event_type:crash OR error_message:"segmentation fault")

📊 Metadata

CVE ID: CVE-2024-24474

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-120

Published: February 20, 2024

Last Updated: June 25, 2025

🔗 References

https://gist.github.com/1047524396/5ce07b9d387095c276b1cd234ae5615e Third Party Advisory
https://github.com/qemu/qemu/commit/77668e4b9bca03a856c27ba899a2513ddf52bb52 Patch
https://gitlab.com/qemu-project/qemu/-/issues/1810 Exploit,Issue Tracking,Vendor Advisory
https://security.netapp.com/advisory/ntap-20240510-0012/ Third Party Advisory
https://gist.github.com/1047524396/5ce07b9d387095c276b1cd234ae5615e Third Party Advisory
https://github.com/qemu/qemu/commit/77668e4b9bca03a856c27ba899a2513ddf52bb52 Patch
https://gitlab.com/qemu-project/qemu/-/issues/1810 Exploit,Issue Tracking,Vendor Advisory
https://security.netapp.com/advisory/ntap-20240510-0012/ Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-24474, you might also want to check these: