All errata/c10f2/ALT-PU-2024-3620-4
ALT-PU-2024-3620-4

Package update libvirt in branch c10f2

Version9.7.0-alt2.p10.1
Task#342236
Published2026-02-04
Max severityMEDIUM
Severity:

Closed issues (2)

BDU:2024-02834
MEDIUM5.5

Уязвимость функции udevListInterfacesByStatus() библиотеки libvirt, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2024-04-11Modified: 2026-01-13
CVSS 3.xMEDIUM 5.5
CVSS:3.x/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVSS 2.0MEDIUM 4.6
CVSS:2.0/AV:L/AC:L/Au:S/C:N/I:N/A:C
References
CVE-2024-1441
MEDIUM5.5

An off-by-one error flaw was found in the udevListInterfacesByStatus() function in libvirt when the number of interfaces exceeds the size of the `names` array. This issue can be reproduced by sending specially crafted data to the libvirt daemon, allowing an unprivileged client to perform a denial of service attack by causing the libvirt daemon to crash.

Published: 2024-03-11Modified: 2026-04-15
CVSS 3.xMEDIUM 5.5
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References