Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

ALAS-2024-2513

Related Vulnerabilities: CVE-2024-1441   CVE-2024-2494   CVE-2024-2496  

An off-by-one error flaw was found in the udevListInterfacesByStatus() function in libvirt when the number of interfaces exceeds the size of the `names` array. This issue can be reproduced by sending specially crafted data to the libvirt daemon, allowing an unprivileged client to perform a denial of service attack by causing the libvirt daemon to crash. (CVE-2024-1441) A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length check is performed by the C API entry points. Passing a negative length to the g_new0 function results in a crash due to the negative length being treated as a huge positive number. This flaw allows a local, unprivileged user to perform a denial of service attack by causing the libvirt daemon to crash. (CVE-2024-2494) NULL pointer dereference in udevConnectListAllInterfaces() (CVE-2024-2496)

Source

ALAS-2024-2513

Amazon Linux 2 Security Advisory: ALAS-2024-2513
Advisory Release Date: 2024-04-11 01:07 Pacific
Advisory Updated Date: 2024-04-15 12:00 Pacific
Severity: Medium
Issue Overview:

An off-by-one error flaw was found in the udevListInterfacesByStatus() function in libvirt when the number of interfaces exceeds the size of the `names` array. This issue can be reproduced by sending specially crafted data to the libvirt daemon, allowing an unprivileged client to perform a denial of service attack by causing the libvirt daemon to crash. (CVE-2024-1441)

A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length check is performed by the C API entry points. Passing a negative length to the g_new0 function results in a crash due to the negative length being treated as a huge positive number. This flaw allows a local, unprivileged user to perform a denial of service attack by causing the libvirt daemon to crash. (CVE-2024-2494)

NULL pointer dereference in udevConnectListAllInterfaces() (CVE-2024-2496)


Affected Packages:

libvirt


Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.


Issue Correction:
Run yum update libvirt to update your system.

New Packages:
aarch64:
    libvirt-4.5.0-36.amzn2.3.1.aarch64
    libvirt-docs-4.5.0-36.amzn2.3.1.aarch64
    libvirt-daemon-4.5.0-36.amzn2.3.1.aarch64
    libvirt-daemon-config-network-4.5.0-36.amzn2.3.1.aarch64
    libvirt-daemon-config-nwfilter-4.5.0-36.amzn2.3.1.aarch64
    libvirt-daemon-driver-network-4.5.0-36.amzn2.3.1.aarch64
    libvirt-daemon-driver-nwfilter-4.5.0-36.amzn2.3.1.aarch64
    libvirt-daemon-driver-nodedev-4.5.0-36.amzn2.3.1.aarch64
    libvirt-daemon-driver-interface-4.5.0-36.amzn2.3.1.aarch64
    libvirt-daemon-driver-secret-4.5.0-36.amzn2.3.1.aarch64
    libvirt-daemon-driver-storage-core-4.5.0-36.amzn2.3.1.aarch64
    libvirt-daemon-driver-storage-logical-4.5.0-36.amzn2.3.1.aarch64
    libvirt-daemon-driver-storage-disk-4.5.0-36.amzn2.3.1.aarch64
    libvirt-daemon-driver-storage-scsi-4.5.0-36.amzn2.3.1.aarch64
    libvirt-daemon-driver-storage-iscsi-4.5.0-36.amzn2.3.1.aarch64
    libvirt-daemon-driver-storage-mpath-4.5.0-36.amzn2.3.1.aarch64
    libvirt-daemon-driver-storage-4.5.0-36.amzn2.3.1.aarch64
    libvirt-daemon-driver-qemu-4.5.0-36.amzn2.3.1.aarch64
    libvirt-daemon-driver-lxc-4.5.0-36.amzn2.3.1.aarch64
    libvirt-daemon-kvm-4.5.0-36.amzn2.3.1.aarch64
    libvirt-daemon-lxc-4.5.0-36.amzn2.3.1.aarch64
    libvirt-client-4.5.0-36.amzn2.3.1.aarch64
    libvirt-libs-4.5.0-36.amzn2.3.1.aarch64
    libvirt-admin-4.5.0-36.amzn2.3.1.aarch64
    libvirt-bash-completion-4.5.0-36.amzn2.3.1.aarch64
    libvirt-login-shell-4.5.0-36.amzn2.3.1.aarch64
    libvirt-devel-4.5.0-36.amzn2.3.1.aarch64
    libvirt-lock-sanlock-4.5.0-36.amzn2.3.1.aarch64
    libvirt-nss-4.5.0-36.amzn2.3.1.aarch64
    libvirt-debuginfo-4.5.0-36.amzn2.3.1.aarch64

i686:
    libvirt-4.5.0-36.amzn2.3.1.i686
    libvirt-docs-4.5.0-36.amzn2.3.1.i686
    libvirt-daemon-4.5.0-36.amzn2.3.1.i686
    libvirt-daemon-config-network-4.5.0-36.amzn2.3.1.i686
    libvirt-daemon-config-nwfilter-4.5.0-36.amzn2.3.1.i686
    libvirt-daemon-driver-network-4.5.0-36.amzn2.3.1.i686
    libvirt-daemon-driver-nwfilter-4.5.0-36.amzn2.3.1.i686
    libvirt-daemon-driver-nodedev-4.5.0-36.amzn2.3.1.i686
    libvirt-daemon-driver-interface-4.5.0-36.amzn2.3.1.i686
    libvirt-daemon-driver-secret-4.5.0-36.amzn2.3.1.i686
    libvirt-daemon-driver-storage-core-4.5.0-36.amzn2.3.1.i686
    libvirt-daemon-driver-storage-logical-4.5.0-36.amzn2.3.1.i686
    libvirt-daemon-driver-storage-disk-4.5.0-36.amzn2.3.1.i686
    libvirt-daemon-driver-storage-scsi-4.5.0-36.amzn2.3.1.i686
    libvirt-daemon-driver-storage-iscsi-4.5.0-36.amzn2.3.1.i686
    libvirt-daemon-driver-storage-mpath-4.5.0-36.amzn2.3.1.i686
    libvirt-daemon-driver-storage-4.5.0-36.amzn2.3.1.i686
    libvirt-daemon-driver-lxc-4.5.0-36.amzn2.3.1.i686
    libvirt-daemon-lxc-4.5.0-36.amzn2.3.1.i686
    libvirt-client-4.5.0-36.amzn2.3.1.i686
    libvirt-libs-4.5.0-36.amzn2.3.1.i686
    libvirt-admin-4.5.0-36.amzn2.3.1.i686
    libvirt-bash-completion-4.5.0-36.amzn2.3.1.i686
    libvirt-login-shell-4.5.0-36.amzn2.3.1.i686
    libvirt-devel-4.5.0-36.amzn2.3.1.i686
    libvirt-nss-4.5.0-36.amzn2.3.1.i686
    libvirt-debuginfo-4.5.0-36.amzn2.3.1.i686

src:
    libvirt-4.5.0-36.amzn2.3.1.src

x86_64:
    libvirt-4.5.0-36.amzn2.3.1.x86_64
    libvirt-docs-4.5.0-36.amzn2.3.1.x86_64
    libvirt-daemon-4.5.0-36.amzn2.3.1.x86_64
    libvirt-daemon-config-network-4.5.0-36.amzn2.3.1.x86_64
    libvirt-daemon-config-nwfilter-4.5.0-36.amzn2.3.1.x86_64
    libvirt-daemon-driver-network-4.5.0-36.amzn2.3.1.x86_64
    libvirt-daemon-driver-nwfilter-4.5.0-36.amzn2.3.1.x86_64
    libvirt-daemon-driver-nodedev-4.5.0-36.amzn2.3.1.x86_64
    libvirt-daemon-driver-interface-4.5.0-36.amzn2.3.1.x86_64
    libvirt-daemon-driver-secret-4.5.0-36.amzn2.3.1.x86_64
    libvirt-daemon-driver-storage-core-4.5.0-36.amzn2.3.1.x86_64
    libvirt-daemon-driver-storage-logical-4.5.0-36.amzn2.3.1.x86_64
    libvirt-daemon-driver-storage-disk-4.5.0-36.amzn2.3.1.x86_64
    libvirt-daemon-driver-storage-scsi-4.5.0-36.amzn2.3.1.x86_64
    libvirt-daemon-driver-storage-iscsi-4.5.0-36.amzn2.3.1.x86_64
    libvirt-daemon-driver-storage-mpath-4.5.0-36.amzn2.3.1.x86_64
    libvirt-daemon-driver-storage-gluster-4.5.0-36.amzn2.3.1.x86_64
    libvirt-daemon-driver-storage-rbd-4.5.0-36.amzn2.3.1.x86_64
    libvirt-daemon-driver-storage-4.5.0-36.amzn2.3.1.x86_64
    libvirt-daemon-driver-qemu-4.5.0-36.amzn2.3.1.x86_64
    libvirt-daemon-driver-lxc-4.5.0-36.amzn2.3.1.x86_64
    libvirt-daemon-kvm-4.5.0-36.amzn2.3.1.x86_64
    libvirt-daemon-lxc-4.5.0-36.amzn2.3.1.x86_64
    libvirt-client-4.5.0-36.amzn2.3.1.x86_64
    libvirt-libs-4.5.0-36.amzn2.3.1.x86_64
    libvirt-admin-4.5.0-36.amzn2.3.1.x86_64
    libvirt-bash-completion-4.5.0-36.amzn2.3.1.x86_64
    libvirt-login-shell-4.5.0-36.amzn2.3.1.x86_64
    libvirt-devel-4.5.0-36.amzn2.3.1.x86_64
    libvirt-lock-sanlock-4.5.0-36.amzn2.3.1.x86_64
    libvirt-nss-4.5.0-36.amzn2.3.1.x86_64
    libvirt-debuginfo-4.5.0-36.amzn2.3.1.x86_64

Additional References

Red Hat: CVE-2024-1441, CVE-2024-2494, CVE-2024-2496

Mitre: CVE-2024-1441, CVE-2024-2494, CVE-2024-2496

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started