SB2024041542 - Ubuntu update for libvirt

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2024041542

SB2024041542 - Ubuntu update for libvirt

Published: April 15, 2024

Security Bulletin ID SB2024041542
Severity
Low
Patch available
YES
Number of vulnerabilities 3
Exploitation vector Local access
Highest impact Denial of service

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.


1) Off-by-one (CVE-ID: CVE-2024-1441)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an off-by-one error in the udevListInterfacesByStatus() function when the number of interfaces exceeds the size of the "names" array. A local user can trigger an off-by-one error and crash the daemon.


2) Uncontrolled Memory Allocation (CVE-ID: CVE-2024-2494)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to uncontrolled memory allocation within the g_new0() function. A local user can perform a denial of service (DoS) attack.


3) NULL pointer dereference (CVE-ID: CVE-2024-2496)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the udevConnectListAllInterfaces() function. A local user can trigger a NULL pointer dereference error when detaching a host interface while at the same time collecting the list of interfaces via virConnectListAllInterfaces API.


Remediation

Install update from vendor's website.

References