Описание
A flaw was found in libvirt. A refactor of the code fetching the list of interfaces for multiple APIs introduced a corner case on platforms where allocating 0 bytes of memory results in a NULL pointer. This corner case would lead to a NULL-pointer dereference and subsequent crash of virtinterfaced. This issue could allow clients connecting to the read-only socket to crash the virtinterfaced daemon.
Отчет
This bug was introduced in libvirt-10.4.0. All versions of libvirt as shipped in Red Hat Enterprise Linux prior to RHEL-9.5 are unaffected by this CVE.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | libvirt | Affected | ||
| Red Hat Enterprise Linux 6 | libvirt | Not affected | ||
| Red Hat Enterprise Linux 7 | libvirt | Not affected | ||
| Red Hat Enterprise Linux 8 | virt:rhel/libvirt | Not affected | ||
| Red Hat Enterprise Linux 8 Advanced Virtualization | virt:av/libvirt | Not affected | ||
| Red Hat Enterprise Linux 9 | libvirt | Fixed | RHSA-2024:9128 | 12.11.2024 |
Показывать по
Дополнительная информация
Статус:
6.2 Medium
CVSS3
Связанные уязвимости
A flaw was found in libvirt. A refactor of the code fetching the list of interfaces for multiple APIs introduced a corner case on platforms where allocating 0 bytes of memory results in a NULL pointer. This corner case would lead to a NULL-pointer dereference and subsequent crash of virtinterfaced. This issue could allow clients connecting to the read-only socket to crash the virtinterfaced daemon.
A flaw was found in libvirt. A refactor of the code fetching the list of interfaces for multiple APIs introduced a corner case on platforms where allocating 0 bytes of memory results in a NULL pointer. This corner case would lead to a NULL-pointer dereference and subsequent crash of virtinterfaced. This issue could allow clients connecting to the read-only socket to crash the virtinterfaced daemon.
A flaw was found in libvirt. A refactor of the code fetching the list ...
A flaw was found in libvirt. A refactor of the code fetching the list of interfaces for multiple APIs introduced a corner case on platforms where allocating 0 bytes of memory results in a NULL pointer. This corner case would lead to a NULL-pointer dereference and subsequent crash of virtinterfaced. This issue could allow clients connecting to the read-only socket to crash the virtinterfaced daemon.
6.2 Medium
CVSS3