Vulnerability CVE-2024-1441: Information
Description
An off-by-one error flaw was found in the udevListInterfacesByStatus() function in libvirt when the number of interfaces exceeds the size of the `names` array. This issue can be reproduced by sending specially crafted data to the libvirt daemon, allowing an unprivileged client to perform a denial of service attack by causing the libvirt daemon to crash.
Published: March 11, 2024
Modified: April 30, 2024
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
libvirt | sisyphus | 9.8.0-alt4 | 10.2.0-alt1 | ALT-PU-2024-3419-3 | 341975 | Fixed |
libvirt | sisyphus_riscv64 | 9.8.0-alt4 | 10.2.0-alt1 | ALT-PU-2024-3875-1 | - | Fixed |
libvirt | sisyphus_loongarch64 | 9.8.0-alt4 | 10.2.0-alt1 | ALT-PU-2024-3546-1 | - | Fixed |
libvirt | p10 | 9.7.0-alt2.p10.1 | 9.7.0-alt2.p10.2 | ALT-PU-2024-3467-3 | 342042 | Fixed |
libvirt | p9 | 7.3.0-alt0.p9.3 | 7.3.0-alt0.p9.3 | ALT-PU-2024-4683-3 | 343814 | Fixed |
libvirt | c10f1 | 9.7.0-alt2.p10.1 | 9.7.0-alt2.p10.2 | ALT-PU-2024-3772-3 | 342244 | Fixed |
libvirt | c9f2 | 7.3.0-alt0.p9.3 | 7.3.0-alt0.p9.3 | ALT-PU-2024-4685-3 | 343815 | Fixed |