CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
17.8%
Libvirt is vulnerable to Denial of Service(DoS). The vulnerability is due to improper handling of negative array lengths during memory allocation. If an attacker can pass a negative length to the g_new0
function will usually result in a Denial of Service(DoS).
access.redhat.com/errata/RHSA-2024:2560
access.redhat.com/errata/RHSA-2024:3253
access.redhat.com/security/cve/CVE-2024-2494
bugzilla.redhat.com/show_bug.cgi?id=2270115
bugzilla.suse.com/show_bug.cgi?id=1221815
github.com/libvirt/libvirt/commit/8a3f8d957507c1f8223fdcf25a3ff885b15557f2
lists.debian.org/debian-lts-announce/2024/04/msg00000.html
lists.libvirt.org/archives/list/[email protected]/thread/BKRQXPLPC6B7FLHJXSBQYW7HNDEBW6RJ/
security.netapp.com/advisory/ntap-20240517-0009/