vulnerability
Alma Linux: CVE-2024-2494: Moderate: libvirt security and bug fix update (ALSA-2024-2560)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:L/AC:L/Au:N/C:N/I:N/A:C) | 03/21/2024 | 05/08/2024 | 02/18/2025 |
Severity
5
CVSS
(AV:L/AC:L/Au:N/C:N/I:N/A:C)
Published
03/21/2024
Added
05/08/2024
Modified
02/18/2025
Description
A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length check is performed by the C API entry points. Passing a negative length to the g_new0 function results in a crash due to the negative length being treated as a huge positive number. This flaw allows a local, unprivileged user to perform a denial of service attack by causing the libvirt daemon to crash.
Solution(s)
alma-upgrade-libvirtalma-upgrade-libvirt-clientalma-upgrade-libvirt-client-qemualma-upgrade-libvirt-daemonalma-upgrade-libvirt-daemon-commonalma-upgrade-libvirt-daemon-config-networkalma-upgrade-libvirt-daemon-config-nwfilteralma-upgrade-libvirt-daemon-driver-interfacealma-upgrade-libvirt-daemon-driver-networkalma-upgrade-libvirt-daemon-driver-nodedevalma-upgrade-libvirt-daemon-driver-nwfilteralma-upgrade-libvirt-daemon-driver-qemualma-upgrade-libvirt-daemon-driver-secretalma-upgrade-libvirt-daemon-driver-storagealma-upgrade-libvirt-daemon-driver-storage-corealma-upgrade-libvirt-daemon-driver-storage-diskalma-upgrade-libvirt-daemon-driver-storage-iscsialma-upgrade-libvirt-daemon-driver-storage-logicalalma-upgrade-libvirt-daemon-driver-storage-mpathalma-upgrade-libvirt-daemon-driver-storage-rbdalma-upgrade-libvirt-daemon-driver-storage-scsialma-upgrade-libvirt-daemon-kvmalma-upgrade-libvirt-daemon-lockalma-upgrade-libvirt-daemon-logalma-upgrade-libvirt-daemon-plugin-lockdalma-upgrade-libvirt-daemon-plugin-sanlockalma-upgrade-libvirt-daemon-proxyalma-upgrade-libvirt-develalma-upgrade-libvirt-docsalma-upgrade-libvirt-libsalma-upgrade-libvirt-nss
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.