Vulnerability CVE-2024-2494: Information
Description
A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length check is performed by the C API entry points. Passing a negative length to the g_new0 function results in a crash due to the negative length being treated as a huge positive number. This flaw allows a local, unprivileged user to perform a denial of service attack by causing the libvirt daemon to crash.
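The ordering problem described above, as an added C example (not libvirt's code): `demo_new0` is a hypothetical stand-in for `g_new0` that returns NULL where the real function would terminate the process, and `DEMO_MAX_ELEMS` is an assumed per-message cap. It contrasts allocating before the length check with checking the signed wire length first.

```c
#include <stdint.h>
#include <stdlib.h>

#define DEMO_MAX_ELEMS 1024  /* hypothetical per-message cap, not a libvirt constant */

/* Element count an allocator receives when a signed wire length is passed
 * to a size_t (gsize) parameter: -1 becomes SIZE_MAX. */
size_t count_seen_by_allocator(int32_t wire_len)
{
    return (size_t)wire_len;
}

/* Stand-in for g_new0(): zeroed array of n elements. Returns NULL where the
 * real g_new0() would abort the process (size overflow or out of memory). */
void *demo_new0(size_t n, size_t elem_size)
{
    if (elem_size != 0 && n > SIZE_MAX / elem_size)
        return NULL;
    return calloc(n ? n : 1, elem_size);
}

/* Flawed ordering from the description: allocate, then validate.
 * Returns 0 on success, -1 on rejected length, -2 on "allocator crash". */
int decode_alloc_first(int32_t wire_len, uint32_t **out)
{
    *out = demo_new0((size_t)wire_len, sizeof **out);
    if (*out == NULL)
        return -2;               /* the daemon would already be dead here */
    if (wire_len < 0) {          /* the check arrives too late to help */
        free(*out);
        *out = NULL;
        return -1;
    }
    return 0;
}

/* Hardened ordering: bound the signed length before it reaches the allocator. */
int decode_check_first(int32_t wire_len, uint32_t **out)
{
    *out = NULL;
    if (wire_len < 0 || wire_len > DEMO_MAX_ELEMS)
        return -1;
    *out = demo_new0((size_t)wire_len, sizeof **out);
    return *out ? 0 : -2;
}
```

With the check first, a negative length is rejected as an ordinary decode error and the allocator never sees the converted value.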
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
libvirt | sisyphus | 9.8.0-alt5 | 10.2.0-alt1 | ALT-PU-2024-4299-2 | 343222 | Fixed |
libvirt | sisyphus_riscv64 | 9.8.0-alt5 | 10.2.0-alt1 | ALT-PU-2024-4413-1 | - | Fixed |
libvirt | sisyphus_loongarch64 | 9.8.0-alt5 | 10.2.0-alt1 | ALT-PU-2024-4365-1 | - | Fixed |
libvirt | p10 | 9.7.0-alt2.p10.2 | 9.7.0-alt2.p10.2 | ALT-PU-2024-4301-3 | 343223 | Fixed |
libvirt | p9 | 7.3.0-alt0.p9.3 | 7.3.0-alt0.p9.3 | ALT-PU-2024-4683-3 | 343814 | Fixed |
libvirt | c10f1 | 9.7.0-alt2.p10.2 | 9.7.0-alt2.p10.2 | ALT-PU-2024-4681-2 | 343808 | Fixed |
libvirt | c9f2 | 7.3.0-alt0.p9.3 | 7.3.0-alt0.p9.3 | ALT-PU-2024-4685-3 | 343815 | Fixed |