Описание
An off-by-one error flaw was found in the udevListInterfacesByStatus() function in libvirt when the number of interfaces exceeds the size of the names array. This issue can be reproduced by sending specially crafted data to the libvirt daemon, allowing an unprivileged client to perform a denial of service attack by causing the libvirt daemon to crash.
Отчет
The off-by-one error discovered in libvirt's udevListInterfacesByStatus() function represents a moderate severity issue due to its potential to cause a denial of service (DoS) condition. The vulnerability occurs when the number of interfaces exceeds the length parameter, leading to a segmentation fault when a specially crafted entry is sent to the libvirt daemon. While exploitation requires the attacker to be unprivileged, the ability to crash the libvirt daemon could disrupt virtualization services. However, the impact is mitigated by the fact that it does not directly grant attackers privileged access or enable arbitrary code execution.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | libvirt | Out of support scope | ||
| Red Hat Enterprise Linux 7 | libvirt | Out of support scope | ||
| Red Hat Enterprise Linux 8 | virt:rhel/libvirt | Will not fix | ||
| Red Hat Enterprise Linux 8 Advanced Virtualization | virt:av/libvirt | Affected | ||
| Red Hat Enterprise Linux 9 | libvirt | Fixed | RHSA-2024:2560 | 30.04.2024 |
Показывать по
Дополнительная информация
Статус:
EPSS
5.5 Medium
CVSS3
Связанные уязвимости
An off-by-one error flaw was found in the udevListInterfacesByStatus() function in libvirt when the number of interfaces exceeds the size of the `names` array. This issue can be reproduced by sending specially crafted data to the libvirt daemon, allowing an unprivileged client to perform a denial of service attack by causing the libvirt daemon to crash.
An off-by-one error flaw was found in the udevListInterfacesByStatus() function in libvirt when the number of interfaces exceeds the size of the `names` array. This issue can be reproduced by sending specially crafted data to the libvirt daemon, allowing an unprivileged client to perform a denial of service attack by causing the libvirt daemon to crash.
An off-by-one error flaw was found in the udevListInterfacesByStatus() ...
An off-by-one error flaw was found in the udevListInterfacesByStatus() function in libvirt when the number of interfaces exceeds the size of the `names` array. This issue can be reproduced by sending specially crafted data to the libvirt daemon, allowing an unprivileged client to perform a denial of service attack by causing the libvirt daemon to crash.
EPSS
5.5 Medium
CVSS3