CVE-2024-1441
Published: 11 March 2024
An off-by-one error flaw was found in the udevListInterfacesByStatus() function in libvirt when the number of interfaces exceeds the size of the `names` array. This issue can be reproduced by sending specially crafted data to the libvirt daemon, allowing an unprivileged client to perform a denial of service attack by causing the libvirt daemon to crash.
Notes
| Author | Note |
|---|---|
| sbeattie | introduced in 5a33366f5c ("interface: add udev based
backend for virInterface") and d6064e2759 ("libvirt-<module>:
Check caller-provided buffers to be NULL with size > 0") |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
libvirt Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
| focal |
Released
(6.0.0-0ubuntu8.19)
|
|
| jammy |
Released
(8.0.0-1ubuntu7.10)
|
|
| mantic |
Released
(9.6.0-1ubuntu1.1)
|
|
| noble |
Released
(10.0.0-2ubuntu8.1)
|
|
| trusty |
Needs triage
|
|
| upstream |
Needs triage
|
|
| xenial |
Needs triage
|
|
|
Patches: upstream: https://gitlab.com/libvirt/libvirt/-/commit/c664015fe3a7bf59db26686e9ed69af011c6ebb8 |
||