CVE-2024-3447: 
NixOS vulnerability analysis and mitigation

A heap-based buffer overflow vulnerability (CVE-2024-3447) was discovered in the SDHCI device emulation of QEMU. The vulnerability was identified in April 2024 and affects QEMU's SD Host Controller Interface implementation. The issue occurs when both s->data_count and the size of s->fifo_buffer are set to 0x200, leading to an out-of-bound access (NVD, RedHat Bugzilla).

The vulnerability is triggered when specific conditions are met in the SDHCI device emulation, specifically when both s->data_count and the size of s->fifo_buffer are set to 0x200. This results in a heap-based buffer overflow condition in the sdhciwritedataport function. The CVSS 3.1 score assigned by Fedora Project is 6.0 (Medium) with vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H (NVD).

When exploited, this vulnerability allows a malicious guest to crash the QEMU process on the host, resulting in a denial of service condition. The impact is limited to availability, with no direct impact on confidentiality or integrity (NVD, RedHat Bugzilla).

A fix has been developed and committed to the QEMU project. The patch modifies the sdhciwritedataport function to properly handle excess data writes by discarding them instead of allowing buffer overflow. The fix has been implemented in the upstream QEMU repository (QEMU Patch).