CVE-2024-1441 — Off-by-one Error in Libvirt

CWE-193 — Off-by-one Error10 documents7 sources

Severity

5.5MEDIUMNVD

EPSS

0.1%

top 82.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Libvirt Debian Libvirt Msrc Azl3 Libvirt 10.0.0-5 ON Azure Linux 3.0 +4 more

Timeline

PublishedMar 11

Latest updateApr 29

Description

An off-by-one error flaw was found in the udevListInterfacesByStatus() function in libvirt when the number of interfaces exceeds the size of the `names` array. This issue can be reproduced by sending specially crafted data to the libvirt daemon, allowing an unprivileged client to perform a denial of service attack by causing the libvirt daemon to crash.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages8 packages

▶debiandebian/libvirt< libvirt 9.0.0-4+deb12u1 (bookworm)

▶Debianredhat/libvirt< 7.0.0-3+deb11u3+3

▶Ubunturedhat/libvirt< 6.0.0-0ubuntu8.19+2

▶msrcmsrc/azl3_libvirt_10.0.0-5_on_azure_linux_3.0

▶msrcmsrc/cbl2_libvirt_7.10.0-8_on_cbl_mariner_2.0

🔴Vulnerability Details

OSV

libvirt vulnerabilities↗2024-04-29

▶

OSV

libvirt vulnerabilities↗2024-04-15

▶

OSV

CVE-2024-1441: An off-by-one error flaw was found in the udevListInterfacesByStatus() function in libvirt when the number of interfaces exceeds the size of the `name↗2024-03-11

▶

GHSA

GHSA-2cj9-wjmr-5w57: An off-by-one error flaw was found in the udevListInterfacesByStatus() function in libvirt when the number of interfaces exceeds the size of the `name↗2024-03-11

▶

📋Vendor Advisories

Ubuntu

libvirt vulnerabilities↗2024-04-29

▶

Ubuntu

libvirt vulnerabilities↗2024-04-15

▶

Microsoft

Libvirt: off-by-one error in udevlistinterfacesbystatus()↗2024-03-12

▶

Red Hat

libvirt: off-by-one error in udevListInterfacesByStatus()↗2024-03-01

▶

Debian

CVE-2024-1441: libvirt - An off-by-one error flaw was found in the udevListInterfacesByStatus() function ...↗2024

▶