CVE-2024-8354 — Reachable Assertion in Redhat Enterprise Linux

CWE-617 — Reachable Assertion10 documents8 sources

Severity

5.5MEDIUMNVD

EPSS

0.0%

top 86.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qemu Redhat Enterprise Linux

Timeline

PublishedSep 19

Latest updateMar 4

Description

A flaw was found in QEMU. An assertion failure was present in the usb_ep_get() function in hw/net/core.c when trying to get the USB endpoint from a USB device. This flaw may allow a malicious unprivileged guest user to crash the QEMU process on the host and cause a denial of service condition.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶Debianqemu/qemu< 1:10.1.1+ds-1

▶Ubuntuqemu/qemu< 1:6.2+dfsg-2ubuntu6.28+2

Also affects: Enterprise Linux 6.0, 7.0, 8.0, 9.0

🔴Vulnerability Details

OSV

qemu vulnerabilities↗2026-03-04

▶

OSV

CVE-2024-8354: A flaw was found in QEMU↗2024-09-19

▶

GHSA

GHSA-xx3p-5m4j-rhw8: A flaw was found in QEMU↗2024-09-19

▶

CVEList

Qemu-kvm: usb: assertion failure in usb_ep_get()↗2024-09-19

▶

📋Vendor Advisories

Ubuntu

QEMU vulnerabilities↗2026-03-04

▶

Ubuntu

QEMU vulnerabilities↗2025-09-11

▶

Microsoft

Qemu-kvm: usb: assertion failure in usb_ep_get()↗2024-09-10

▶

Red Hat

qemu-kvm: usb: assertion failure in usb_ep_get()↗2024-08-30

▶

Debian

CVE-2024-8354: qemu - A flaw was found in QEMU. An assertion failure was present in the usb_ep_get() f...↗2024

▶