vulnerability
Alma Linux: CVE-2024-8235: Moderate: libvirt security update (ALSA-2024-9128)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:L/AC:L/Au:N/C:N/I:N/A:C) | Aug 30, 2024 | Nov 19, 2024 | Aug 11, 2025 |
Severity
5
CVSS
(AV:L/AC:L/Au:N/C:N/I:N/A:C)
Published
Aug 30, 2024
Added
Nov 19, 2024
Modified
Aug 11, 2025
Description
A flaw was found in libvirt. A refactor of the code fetching the list of interfaces for multiple APIs introduced a corner case on platforms where allocating 0 bytes of memory results in a NULL pointer. This corner case would lead to a NULL-pointer dereference and subsequent crash of virtinterfaced. This issue could allow clients connecting to the read-only socket to crash the virtinterfaced daemon.
Solutions
alma-upgrade-libvirtalma-upgrade-libvirt-clientalma-upgrade-libvirt-client-qemualma-upgrade-libvirt-daemonalma-upgrade-libvirt-daemon-commonalma-upgrade-libvirt-daemon-config-networkalma-upgrade-libvirt-daemon-config-nwfilteralma-upgrade-libvirt-daemon-driver-interfacealma-upgrade-libvirt-daemon-driver-networkalma-upgrade-libvirt-daemon-driver-nodedevalma-upgrade-libvirt-daemon-driver-nwfilteralma-upgrade-libvirt-daemon-driver-qemualma-upgrade-libvirt-daemon-driver-secretalma-upgrade-libvirt-daemon-driver-storagealma-upgrade-libvirt-daemon-driver-storage-corealma-upgrade-libvirt-daemon-driver-storage-diskalma-upgrade-libvirt-daemon-driver-storage-iscsialma-upgrade-libvirt-daemon-driver-storage-logicalalma-upgrade-libvirt-daemon-driver-storage-mpathalma-upgrade-libvirt-daemon-driver-storage-rbdalma-upgrade-libvirt-daemon-driver-storage-scsialma-upgrade-libvirt-daemon-kvmalma-upgrade-libvirt-daemon-lockalma-upgrade-libvirt-daemon-logalma-upgrade-libvirt-daemon-plugin-lockdalma-upgrade-libvirt-daemon-plugin-sanlockalma-upgrade-libvirt-daemon-proxyalma-upgrade-libvirt-develalma-upgrade-libvirt-docsalma-upgrade-libvirt-libsalma-upgrade-libvirt-nssalma-upgrade-libvirt-ssh-proxy
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.