First published: Mon Feb 12 2024(Updated: )
An off-by-one error flaw was found in the udevListInterfacesByStatus() function in libvirt when the number of interfaces exceeds the size of the `names` array. This issue can be reproduced by sending specially crafted data to the libvirt daemon, allowing an unprivileged client to perform a denial of service attack by causing the libvirt daemon to crash.
Credit: secalert@redhat.com secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/libvirt | <10.1.0 | 10.1.0 |
ubuntu/libvirt | <6.0.0-0ubuntu8.19 | 6.0.0-0ubuntu8.19 |
ubuntu/libvirt | <8.0.0-1ubuntu7.10 | 8.0.0-1ubuntu7.10 |
ubuntu/libvirt | <9.6.0-1ubuntu1.1 | 9.6.0-1ubuntu1.1 |
debian/libvirt | <=5.0.0-4+deb10u1<=7.0.0-3+deb11u2<=9.0.0-4<=10.0.0-2 | 5.0.0-4+deb10u2 10.2.0-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2024-1441 has a medium severity rating due to its potential to be exploited by unprivileged clients.
To fix CVE-2024-1441, update the libvirt package to version 10.1.0 for Red Hat, 6.0.0-0ubuntu8.19 for focal, 8.0.0-1ubuntu7.10 for jammy, or 9.6.0-1ubuntu1.1 for mantic.
CVE-2024-1441 is caused by an off-by-one error in the udevListInterfacesByStatus() function of libvirt when handling a number of interfaces that exceeds the size of the names array.
Affected versions of libvirt include versions prior to 10.1.0 for Red Hat, and several specific Ubuntu and Debian versions listed in the vulnerability report.
Yes, CVE-2024-1441 can be exploited remotely by sending specially crafted data to the libvirt daemon.