CVE-2024-1441
Published: 11 March 2024
An off-by-one error flaw was found in the udevListInterfacesByStatus() function in libvirt when the number of interfaces exceeds the size of the `names` array. This issue can be reproduced by sending specially crafted data to the libvirt daemon, allowing an unprivileged client to perform a denial of service attack by causing the libvirt daemon to crash.
Notes
Author | Note |
---|---|
sbeattie |
introduced in 5a33366f5c ("interface: add udev based backend for virInterface") and d6064e2759 ("libvirt-<module>: Check caller-provided buffers to be NULL with size > 0") |
Priority
Status
Package | Release | Status |
---|---|---|
libvirt
Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
focal |
Released
(6.0.0-0ubuntu8.19)
|
|
jammy |
Released
(8.0.0-1ubuntu7.10)
|
|
mantic |
Released
(9.6.0-1ubuntu1.1)
|
|
noble |
Released
(10.0.0-2ubuntu8.1)
|
|
trusty |
Needs triage
|
|
upstream |
Needs triage
|
|
xenial |
Needs triage
|
|
Patches:
upstream: https://gitlab.com/libvirt/libvirt/-/commit/c664015fe3a7bf59db26686e9ed69af011c6ebb8 |