Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2024-2496

Published: 18/03/2024 Updated: 30/04/2024

Vulnerability Summary

A NULL pointer dereference flaw was found in the udevConnectListAllInterfaces() function in libvirt. This issue can occur when detaching a host interface while at the same time collecting the list of interfaces via virConnectListAllInterfaces API. This flaw could be used to perform a denial of service attack by causing the libvirt daemon to crash.

Vendor Advisories

Amazon Linux 2: ALAS-2024-2513
An off-by-one error flaw was found in the udevListInterfacesByStatus() function in libvirt when the number of interfaces exceeds the size of the `names` array This issue can be reproduced by sending specially crafted data to the libvirt daemon, allowing an unprivileged client to perform a denial of service attack by causing the libvirt daemon to c ...

References

CWE-476https://access.redhat.com/security/cve/CVE-2024-2496https://bugzilla.redhat.com/show_bug.cgi?id=2269672https://lists.debian.org/debian-lts-announce/2024/04/msg00000.htmlhttps://access.redhat.com/errata/RHSA-2024:2236https://nvd.nist.govhttps://alas.aws.amazon.com/AL2/ALAS-2024-2513.html
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463CVE-2024-29895injectCVE-2023-52689CVE-2024-5049CVE-2024-5051privilege escalationphysicalCVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook