Skip to main content

Off-by-one Error


Severity High
Score 8.6/10


An off-by-one read/write issue was found in the SDHCI device of QEMU. It occurs when reading/writing the Buffer Data Port Register in "sdhci_read_dataport" and "sdhci_write_dataport", respectively, if "data_count == block_size". A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.

  • LOW
  • NONE
  • NONE
  • NONE
  • NONE
  • HIGH

CWE-193 - Off-by-one Error

A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.

Advisory Timeline

  • Published