vulnerability

Alma Linux: CVE-2024-1441: Moderate: libvirt security and bug fix update (ALSA-2024-2560)

Try Surface Command
Back to search
Severity
5
CVSS
(AV:L/AC:L/Au:S/C:N/I:N/A:C)
Published
03/11/2024
Added
05/08/2024
Modified
02/18/2025

Description

An off-by-one error flaw was found in the udevListInterfacesByStatus() function in libvirt when the number of interfaces exceeds the size of the `names` array. This issue can be reproduced by sending specially crafted data to the libvirt daemon, allowing an unprivileged client to perform a denial of service attack by causing the libvirt daemon to crash.

Solution(s)

alma-upgrade-libvirtalma-upgrade-libvirt-clientalma-upgrade-libvirt-client-qemualma-upgrade-libvirt-daemonalma-upgrade-libvirt-daemon-commonalma-upgrade-libvirt-daemon-config-networkalma-upgrade-libvirt-daemon-config-nwfilteralma-upgrade-libvirt-daemon-driver-interfacealma-upgrade-libvirt-daemon-driver-networkalma-upgrade-libvirt-daemon-driver-nodedevalma-upgrade-libvirt-daemon-driver-nwfilteralma-upgrade-libvirt-daemon-driver-qemualma-upgrade-libvirt-daemon-driver-secretalma-upgrade-libvirt-daemon-driver-storagealma-upgrade-libvirt-daemon-driver-storage-corealma-upgrade-libvirt-daemon-driver-storage-diskalma-upgrade-libvirt-daemon-driver-storage-iscsialma-upgrade-libvirt-daemon-driver-storage-logicalalma-upgrade-libvirt-daemon-driver-storage-mpathalma-upgrade-libvirt-daemon-driver-storage-rbdalma-upgrade-libvirt-daemon-driver-storage-scsialma-upgrade-libvirt-daemon-kvmalma-upgrade-libvirt-daemon-lockalma-upgrade-libvirt-daemon-logalma-upgrade-libvirt-daemon-plugin-lockdalma-upgrade-libvirt-daemon-plugin-sanlockalma-upgrade-libvirt-daemon-proxyalma-upgrade-libvirt-develalma-upgrade-libvirt-docsalma-upgrade-libvirt-libsalma-upgrade-libvirt-nss

References

Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today