Lucene search
RedhatCVE-2024-1441HistoryMar 11, 2024 - 2:15 p.m.
CVE-2024-1441
2024-03-1114:15:06
CWE-193
redhat
web.nvd.nist.gov
134
cve-2024-1441
udevlistinterfacesbystatus
libvirt
off-by-one error
denial of service
nvd
CVSS3
5.5
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
AI Score
5.1
Confidence
High
EPSS
0
Percentile
16.3%
An off-by-one error flaw was found in the udevListInterfacesByStatus() function in libvirt when the number of interfaces exceeds the size of the names array. This issue can be reproduced by sending specially crafted data to the libvirt daemon, allowing an unprivileged client to perform a denial of service attack by causing the libvirt daemon to crash.
CNA Affected
[
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 9",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "libvirt",
"defaultStatus": "affected",
"versions": [
{
"version": "0:10.0.0-6.2.el9_4",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/a:redhat:enterprise_linux:9::crb"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 6",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "libvirt",
"defaultStatus": "unknown",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 7",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "libvirt",
"defaultStatus": "unknown",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 8",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "virt:rhel/libvirt",
"defaultStatus": "affected",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 8 Advanced Virtualization",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "virt:av/libvirt",
"defaultStatus": "affected",
"cpes": [
"cpe:/a:redhat:advanced_virtualization:8::el8"
]
}
]Related
debiancve
debiancve
CVE-2024-1441
2024-03-11 14:15:06
nessus
nessus
Photon OS 4.0: Libvirt PHSA-2024-4.0-0625
2024-07-24 00:00:00
Photon OS 5.0: Libvirt PHSA-2024-5.0-0286
2024-07-24 00:00:00
Oracle Linux 9 : libvirt (ELSA-2024-12406)
2024-06-04 00:00:00
osv
osv
libvirt-10.1.0-1.1 on GA media
2024-06-15 00:00:00
libvirt vulnerabilities
2024-04-29 11:43:27
Moderate: libvirt security and bug fix update
2024-04-30 00:00:00
ubuntucve
ubuntucve
CVE-2024-1441
2024-03-11 00:00:00
fedora
fedora
[SECURITY] Fedora 39 Update: libvirt-9.7.0-3.fc39
2024-03-20 02:04:54
[SECURITY] Fedora 38 Update: libvirt-9.0.0-5.fc38
2024-03-28 01:43:49
cbl_mariner
cbl_mariner
CVE-2024-1441 affecting package libvirt for versions less than 7.10.0-8
2024-04-09 20:48:36
openvas
openvas
Fedora: Security Advisory for libvirt (FEDORA-2024-1a59230214)
2024-03-28 00:00:00
SUSE: Security Advisory (SUSE-SU-2024:1005-1)
2024-05-07 00:00:00
Fedora: Security Advisory (FEDORA-2024-d96cdeb8ec)
2024-03-25 00:00:00
cvelist
cvelist
CVE-2024-1441 Libvirt: off-by-one error in udevlistinterfacesbystatus()
2024-03-11 13:37:54
prion
prion
Design/Logic Flaw
2024-03-11 14:15:00
veracode
veracode
Off-by-one Error
2024-03-14 06:36:18
nvd
nvd
CVE-2024-1441
2024-03-11 14:15:06
vulnrichment
vulnrichment
CVE-2024-1441 Libvirt: off-by-one error in udevlistinterfacesbystatus()
2024-03-11 13:37:54
githubexploit
githubexploit
Exploit for CVE-2024-1441
2024-04-16 07:14:33
redhatcve
redhatcve
CVE-2024-1441
2024-03-11 10:10:13
oraclelinux
oraclelinux
libvirt security update
2024-06-03 00:00:00
virt:kvm_utils3 bug fix update
2024-07-15 00:00:00
libvirt security and bug fix update
2024-05-07 00:00:00
redos
redos
ROS-20240415-02
2024-04-15 00:00:00
redhat
redhat
(RHSA-2024:2560) Moderate: libvirt security and bug fix update
2024-04-30 11:38:52
ubuntu
ubuntu
libvirt vulnerabilities
2024-04-29 00:00:00
libvirt vulnerabilities
2024-04-15 00:00:00
almalinux
almalinux
Moderate: libvirt security and bug fix update
2024-04-30 00:00:00
photon
photon
Moderate Photon OS Security Update - PHSA-2024-5.0-0286
2024-06-07 00:00:00
Moderate Photon OS Security Update - PHSA-2024-4.0-0625
2024-06-07 00:00:00
rocky
rocky
libvirt security and bug fix update
2024-05-10 14:32:38
amazon
amazon
Medium: libvirt
2024-04-11 01:07:00
debian
debian
[SECURITY] [DLA 3778-1] libvirt security update
2024-04-01 12:19:02
CVSS3
5.5
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
AI Score
5.1
Confidence
High
EPSS
0
Percentile
16.3%
Related for CVE-2024-1441