{"vulnerability": "CVE-2024-8612", "sightings": [{"uuid": "536ab437-62c4-46a6-86e2-5841b2c07176", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-8612", "type": "seen", "source": "https://t.me/cvedetector/6118", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-8612 - QEMU Virtio Devices Memory Information Leak\", \n  \"Content\": \"CVE ID : CVE-2024-8612 \nPublished : Sept. 20, 2024, 6:15 p.m. | 16\u00a0minutes ago \nDescription : A flaw was found in QEMU, in the virtio-scsi, virtio-blk, and virtio-crypto devices. The size for virtqueue_push as set in virtio_scsi_complete_req / virtio_blk_req_complete / virito_crypto_req_complete could be larger than the true size of the data which has been sent to guest. Once virtqueue_push() finally calls dma_memory_unmap to ummap the in_iov, it may call the address_space_write function to write back the data. Some uninitialized data may exist in the bounce.buffer, leading to an information leak. \nSeverity: 3.8 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-20T20:35:25.000000Z"}, {"uuid": "877e2e78-cf0e-47bc-a5e7-6f1d877c9df4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-8612", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}]}