Bug 2292089 (CVE-2024-6519, ZDI-CAN-23962) - CVE-2024-6519 QEMU: SCSI: lsi53c895a: use-after-free local privilege escalation vulnerability
Keywords:
Status: NEW
Alias: CVE-2024-6519, ZDI-CAN-23962
Deadline: 2024-10-10
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2318139
Blocks: 2292093
Reported: 2024-06-12 23:03 UTC by Robb Gatica
Modified: 2024-11-15 13:44 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:



Description Robb Gatica 2024-06-12 23:03:51 UTC
There is a use-after-free vulnerability in QEMU LSI53C895A SCSI Host Bus Adapter emulation, which can lead to VM escape. The crash noticed in this case is a write to freed memory. But given the complexity of the freed structure, multiple primitives like dereferencing function pointers, etc., should be possible.

