All errata/sisyphus_loongarch64/ALT-PU-2024-13299-1
ALT-PU-2024-13299-1

Package update libvirt in branch sisyphus_loongarch64

Version10.7.0-alt1
Task#0
Published2024-09-26
Max severityMEDIUM
Severity:

Closed issues (2)

BDU:2024-07002
MEDIUM6.2

Уязвимость библиотеки управления виртуализацией Libvirt, связанная с разыменованием нулевого указателя, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2024-09-13Modified: 2026-03-04
CVSS 3.xMEDIUM 6.2
CVSS:3.x/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.0MEDIUM 4.9
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:C
References
CVE-2024-8235
MEDIUM6.2

A flaw was found in libvirt. A refactor of the code fetching the list of interfaces for multiple APIs introduced a corner case on platforms where allocating 0 bytes of memory results in a NULL pointer. This corner case would lead to a NULL-pointer dereference and subsequent crash of virtinterfaced. This issue could allow clients connecting to the read-only socket to crash the virtinterfaced daemon.

Published: 2024-08-30Modified: 2024-11-21
CVSS 3.xMEDIUM 6.2
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References