Lucene search

Veracode Vulnerability DatabaseVERACODE:46149

HistoryApr 02, 2024 - 11:21 a.m.

NULL Pointer Dereference

2024-04-0211:21:59

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

libvirt

vulnerability

race condition

host interface detachment

null pointer dereference

dos

5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

6.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.5%

JSON

Libvirt is vulnerable to NULL pointer dereference. The vulnerability is caused by a race condition due to the simultaneous detachment of a host interface while collecting the list of interfaces using the virConnectListAllInterfaces API. This race condition leads to a situation where the path variable can become NULL while still being accessed, resulting in Denial of Service (DoS).

CPENameOperatorVersion
libvirt.sole0.9008.0.debug
libvirt.sole0.9008.0.debug

CPE	Name	Operator	Version
	libvirt.so	le	0.9008.0.debug
	libvirt.so	le	0.9008.0.debug

References

access.redhat.com/errata/RHSA-2024:2236

access.redhat.com/security/cve/CVE-2024-2496

bugzilla.redhat.com/show_bug.cgi?id=2269672

bugzilla.suse.com/show_bug.cgi?id=1221468

github.com/libvirt/libvirt/commit/2ca94317ac642a70921947150ced8acc674ccdc8

lists.debian.org/debian-lts-announce/2024/04/msg00000.html

5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

6.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.5%

JSON

Related for VERACODE:46149