CVE-2024-2496

A NULL pointer dereference flaw was found in the udevConnectListAllInterfaces() function in libvirt. This issue can occur when detaching a host interface while at the same time collecting the list of interfaces via virConnectListAllInterfaces API. This flaw could be used to perform a denial of service attack by causing the libvirt daemon to crash.

CVSS v3 5.0 MEDIUM

5.0^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.3 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/errata/RHSA-2024:2236
https://access.redhat.com/security/cve/CVE-2024-2496
https://bugzilla.redhat.com/show_bug.cgi?id=2269672
https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html

Configurations

No configuration.

History

30 Apr 2024, 14:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2024:2236 -

01 Apr 2024, 13:17

Type	Values Removed	Values Added
Summary		(es) Se encontró una falla de desreferencia de puntero NULL en la función udevConnectListAllInterfaces() en libvirt. Este problema puede ocurrir al desconectar una interfaz de host y al mismo tiempo recopilar la lista de interfaces a través de la API virConnectListAllInterfaces. Esta falla podría usarse para realizar un ataque de denegación de servicio provocando la falla del daemon libvirt.
References		() https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html -

18 Mar 2024, 13:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-03-18 13:15

Updated : 2024-04-30 14:15

NVD link : CVE-2024-2496

Mitre link : CVE-2024-2496

CVE.ORG link : CVE-2024-2496

JSON object : View

Products Affected

No product.

CWE

CWE-476

NULL Pointer Dereference

5.0 /10