RLSA-2024:9128

Published: 17 Mar 2025
Source: rocky
Rating: Moderate

Description

Moderate: libvirt security update

Kernel-based Virtual Machine (KVM) offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems.

Security Fix(es):

  • libvirt: Crash of virtinterfaced via virConnectListInterfaces() (CVE-2024-8235)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Rocky Linux 9.5 Release Notes linked from the References section.

Affected products

  • Rocky Linux 9

Name                             Architecture  Release    RPM
libvirt                          x86_64        7.4.el9_5  libvirt-10.5.0-7.4.el9_5.x86_64.rpm
libvirt-client                   x86_64        7.4.el9_5  libvirt-client-10.5.0-7.4.el9_5.x86_64.rpm
libvirt-client-qemu              x86_64        7.4.el9_5  libvirt-client-qemu-10.5.0-7.4.el9_5.x86_64.rpm
libvirt-daemon                   x86_64        7.4.el9_5  libvirt-daemon-10.5.0-7.4.el9_5.x86_64.rpm
libvirt-daemon-common            x86_64        7.4.el9_5  libvirt-daemon-common-10.5.0-7.4.el9_5.x86_64.rpm
libvirt-daemon-config-network    x86_64        7.4.el9_5  libvirt-daemon-config-network-10.5.0-7.4.el9_5.x86_64.rpm
libvirt-daemon-config-nwfilter   x86_64        7.4.el9_5  libvirt-daemon-config-nwfilter-10.5.0-7.4.el9_5.x86_64.rpm
libvirt-daemon-driver-interface  x86_64        7.4.el9_5  libvirt-daemon-driver-interface-10.5.0-7.4.el9_5.x86_64.rpm
libvirt-daemon-driver-network    x86_64        7.4.el9_5  libvirt-daemon-driver-network-10.5.0-7.4.el9_5.x86_64.rpm
libvirt-daemon-driver-nodedev    x86_64        7.4.el9_5  libvirt-daemon-driver-nodedev-10.5.0-7.4.el9_5.x86_64.rpm

Related vulnerabilities

CVSS3: 6.2
ubuntu
about 1 year ago

A flaw was found in libvirt. A refactor of the code fetching the list of interfaces for multiple APIs introduced a corner case on platforms where allocating 0 bytes of memory results in a NULL pointer. This corner case would lead to a NULL-pointer dereference and subsequent crash of virtinterfaced. This issue could allow clients connecting to the read-only socket to crash the virtinterfaced daemon.

CVSS3: 6.2
redhat
about 1 year ago

A flaw was found in libvirt. A refactor of the code fetching the list of interfaces for multiple APIs introduced a corner case on platforms where allocating 0 bytes of memory results in a NULL pointer. This corner case would lead to a NULL-pointer dereference and subsequent crash of virtinterfaced. This issue could allow clients connecting to the read-only socket to crash the virtinterfaced daemon.

CVSS3: 6.2
nvd
about 1 year ago

A flaw was found in libvirt. A refactor of the code fetching the list of interfaces for multiple APIs introduced a corner case on platforms where allocating 0 bytes of memory results in a NULL pointer. This corner case would lead to a NULL-pointer dereference and subsequent crash of virtinterfaced. This issue could allow clients connecting to the read-only socket to crash the virtinterfaced daemon.

CVSS3: 6.2
debian
about 1 year ago

A flaw was found in libvirt. A refactor of the code fetching the list ...

CVSS3: 6.2
redos
about 1 year ago

libvirt vulnerability