RedhatVULNRICHMENT:CVE-2024-2494CVE-2024-2494 Libvirt: negative g_new0 length can lead to unbounded memory allocation
6.2 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.7 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
26.8%
A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length check is performed by the C API entry points. Passing a negative length to the g_new0 function results in a crash due to the negative length being treated as a huge positive number. This flaw allows a local, unprivileged user to perform a denial of service attack by causing the libvirt daemon to crash.
CNA Affected
[
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::crb",
"cpe:/a:redhat:enterprise_linux:8::appstream"
],
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 8",
"versions": [
{
"status": "unaffected",
"version": "8100020240409073027.489197e6",
"lessThan": "*",
"versionType": "rpm"
}
],
"packageName": "virt-devel:rhel",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"defaultStatus": "affected"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::crb",
"cpe:/a:redhat:enterprise_linux:8::appstream"
],
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 8",
"versions": [
{
"status": "unaffected",
"version": "8100020240409073027.489197e6",
"lessThan": "*",
"versionType": "rpm"
}
],
"packageName": "virt:rhel",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"defaultStatus": "affected"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 9",
"versions": [
{
"status": "unaffected",
"version": "0:10.0.0-6.2.el9_4",
"lessThan": "*",
"versionType": "rpm"
}
],
"packageName": "libvirt",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"defaultStatus": "affected"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 6",
"packageName": "libvirt",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 7",
"packageName": "libvirt",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:/a:redhat:advanced_virtualization:8::el8"
],
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 8 Advanced Virtualization",
"packageName": "virt:av/libvirt",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"defaultStatus": "affected"
}
]References
access.redhat.com/errata/RHSA-2024:2560
access.redhat.com/errata/RHSA-2024:3253
access.redhat.com/security/cve/CVE-2024-2494
bugzilla.redhat.com/show_bug.cgi?id=2270115
lists.debian.org/debian-lts-announce/2024/04/msg00000.html
lists.libvirt.org/archives/list/[email protected]/thread/BKRQXPLPC6B7FLHJXSBQYW7HNDEBW6RJ/
security.netapp.com/advisory/ntap-20240517-0009/
Related
6.2 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.7 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
26.8%