CVE-2024-2494
Published: 20 March 2024
A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length check is performed by the C API entry points. Passing a negative length to the g_new0 function results in a crash due to the negative length being treated as a huge positive number. This flaw allows a local, unprivileged user to perform a denial of service attack by causing the libvirt daemon to crash.
Priority
Status
Package | Release | Status |
---|---|---|
libvirt Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
focal |
Released
(6.0.0-0ubuntu8.19)
|
|
jammy |
Released
(8.0.0-1ubuntu7.10)
|
|
mantic |
Released
(9.6.0-1ubuntu1.1)
|
|
noble |
Released
(10.0.0-2ubuntu8.1)
|
|
trusty |
Needs triage
|
|
upstream |
Needs triage
|
|
xenial |
Needs triage
|
|
Patches: upstream: https://gitlab.com/libvirt/libvirt/-/commit/8a3f8d957507c1f8223fdcf25a3ff885b15557f2 |