NULL pointer dereference flaw found in udevConnectListAllInterfaces() function, potentially leading to denial of service attack
CVE-2024-2496

5.5MEDIUM

Key Information:

Vendor: Red Hat
Status: Libvirt; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8
Vendor: CVE Published:; 18 March 2024

Summary

A NULL pointer dereference flaw was found in the udevConnectListAllInterfaces() function in libvirt. This issue can occur when detaching a host interface while at the same time collecting the list of interfaces via virConnectListAllInterfaces API. This flaw could be used to perform a denial of service attack by causing the libvirt daemon to crash.

Affected Version(s)

libvirt 9.8.0

References

https://access.redhat.com/security/cve/CVE-2024-2496

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2269672

issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 18, 2024
Vulnerability Reserved
Mar 15, 2024