Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2024:3253

Опубликовано: 14 июн. 2024
Источник: rocky
Оценка: Moderate

Описание

Moderate: virt:rhel and virt-devel:rhel security update

Kernel-based Virtual Machine (KVM) offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems.

Security Fix(es):

  • libvirt: negative g_new0 length can lead to unbounded memory allocation (CVE-2024-2494)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Затронутые продукты

  • Rocky Linux 8

НаименованиеАрхитектураРелизRPM
hivexx86_6423.module+el8.10.0+1590+a67ab969hivex-1.3.18-23.module+el8.10.0+1590+a67ab969.x86_64.rpm
hivex-develx86_6423.module+el8.10.0+1590+a67ab969hivex-devel-1.3.18-23.module+el8.10.0+1590+a67ab969.x86_64.rpm
libguestfsx86_649.module+el8.10.0+1590+a67ab969.rockylibguestfs-1.44.0-9.module+el8.10.0+1590+a67ab969.rocky.x86_64.rpm
libguestfs-appliancex86_649.module+el8.10.0+1590+a67ab969.rockylibguestfs-appliance-1.44.0-9.module+el8.10.0+1590+a67ab969.rocky.x86_64.rpm
libguestfs-bash-completionnoarch9.module+el8.10.0+1590+a67ab969.rockylibguestfs-bash-completion-1.44.0-9.module+el8.10.0+1590+a67ab969.rocky.noarch.rpm
libguestfs-bash-completionnoarch9.module+el8.10.0+1590+a67ab969.rockylibguestfs-bash-completion-1.44.0-9.module+el8.10.0+1590+a67ab969.rocky.noarch.rpm
libguestfs-develx86_649.module+el8.10.0+1590+a67ab969.rockylibguestfs-devel-1.44.0-9.module+el8.10.0+1590+a67ab969.rocky.x86_64.rpm
libguestfs-gfs2x86_649.module+el8.10.0+1590+a67ab969.rockylibguestfs-gfs2-1.44.0-9.module+el8.10.0+1590+a67ab969.rocky.x86_64.rpm
libguestfs-gobjectx86_649.module+el8.10.0+1590+a67ab969.rockylibguestfs-gobject-1.44.0-9.module+el8.10.0+1590+a67ab969.rocky.x86_64.rpm
libguestfs-gobject-develx86_649.module+el8.10.0+1590+a67ab969.rockylibguestfs-gobject-devel-1.44.0-9.module+el8.10.0+1590+a67ab969.rocky.x86_64.rpm

Показывать по

Связанные CVE

CVE-2024-2494

Ссылки на источники

Исправления

Связанные уязвимости

ubuntu логотип

CVE-2024-2494

CVSS3: 6.2
ubuntu
больше 1 года назад

A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length check is performed by the C API entry points. Passing a negative length to the g_new0 function results in a crash due to the negative length being treated as a huge positive number. This flaw allows a local, unprivileged user to perform a denial of service attack by causing the libvirt daemon to crash.

redhat логотип

CVE-2024-2494

CVSS3: 6.2
redhat
больше 1 года назад

A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length check is performed by the C API entry points. Passing a negative length to the g_new0 function results in a crash due to the negative length being treated as a huge positive number. This flaw allows a local, unprivileged user to perform a denial of service attack by causing the libvirt daemon to crash.

nvd логотип

CVE-2024-2494

CVSS3: 6.2
nvd
больше 1 года назад

A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length check is performed by the C API entry points. Passing a negative length to the g_new0 function results in a crash due to the negative length being treated as a huge positive number. This flaw allows a local, unprivileged user to perform a denial of service attack by causing the libvirt daemon to crash.

msrc логотип

CVE-2024-2494

CVSS3: 6.2
msrc
больше 1 года назад

Описание отсутствует

debian логотип

CVE-2024-2494

CVSS3: 6.2
debian
больше 1 года назад

A flaw was found in the RPC library APIs of libvirt. The RPC server de ...