Crash of virtinterfaced Daemon Due to NULL Pointer Dereference
CVE-2024-8235
6.2MEDIUM
Key Information
- Vendor
- Red Hat
- Status
- Red Hat Enterprise Linux 6
- Red Hat Enterprise Linux 7
- Red Hat Enterprise Linux 8
- Red Hat Enterprise Linux 8 Advanced Virtualization
- Vendor
- CVE Published:
- 30 August 2024
Summary
A flaw was found in libvirt. A refactor of the code fetching the list of interfaces for multiple APIs introduced a corner case on platforms where allocating 0 bytes of memory results in a NULL pointer. This corner case would lead to a NULL-pointer dereference and subsequent crash of virtinterfaced. This issue could allow clients connecting to the read-only socket to crash the virtinterfaced daemon.
References
CVSS V3.1
Score:
6.2
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Collectors
NVD DatabaseMitre Database