CVE-2024-2496
Published: 18 March 2024
A NULL pointer dereference flaw was found in the udevConnectListAllInterfaces() function in libvirt. This issue can occur when detaching a host interface while at the same time collecting the list of interfaces via virConnectListAllInterfaces API. This flaw could be used to perform a denial of service attack by causing the libvirt daemon to crash.
Priority
Status
Package | Release | Status |
---|---|---|
libvirt Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
focal |
Released
(6.0.0-0ubuntu8.19)
|
|
jammy |
Released
(8.0.0-1ubuntu7.10)
|
|
mantic |
Released
(9.6.0-1ubuntu1.1)
|
|
noble |
Not vulnerable
(10.0.0-2ubuntu1)
|
|
trusty |
Needs triage
|
|
upstream |
Released
(9.8.0-1)
|
|
xenial |
Needs triage
|
|
Patches: upstream: https://gitlab.com/libvirt/libvirt/-/commit/2ca94317ac642a70921947150ced8acc674ccdc8 |