Bug 2274339 (CVE-2024-3567)

Summary: CVE-2024-3567 qemu-kvm: net: assertion failure in update_sctp_checksum()
Product: [Other] Security Response Reporter: Mauro Matteo Cascella <mcascell>
Component: vulnerabilityAssignee: Product Security <prodsec-ir-bot>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: ailan, ddepaula, jen, jferlan, jmaloy, kkiwi, knoel, mrezanin, mst, nilal, pbonzini, ymankad
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A flaw was found in QEMU. An assertion failure was present in the update_sctp_checksum() function in hw/net/net_tx_pkt.c when trying to calculate the checksum of a short-sized fragmented packet. This flaw allows a malicious guest to crash QEMU and cause a denial of service condition.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2274340    
Bug Blocks: 2274342    

Description Mauro Matteo Cascella 2024-04-10 12:28:32 UTC 
An assertion failure issue was found in the update_sctp_checksum() function in hw/net/net_tx_pkt.c when trying to calculate the checksum of a short-sized fragmented packet. A malicious guest could use this flaw to crash QEMU and cause a denial of service condition.

Upstream issue & patch:
https://gitlab.com/qemu-project/qemu/-/issues/2273
https://patchew.org/QEMU/20240410070459.49112-1-philmd@linaro.org/
Comment 1 Mauro Matteo Cascella 2024-04-10 12:28:50 UTC 
Created qemu tracking bugs for this issue:

Affects: fedora-all [bug 2274340]
Comment 4 errata-xmlrpc 2025-05-06 02:24:13 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:4492 https://access.redhat.com/errata/RHSA-2025:4492