CVE-2024-2494 — Memory Allocation with Excessive Size Value in Libvirt

CWE-789 — Memory Allocation with Excessive Size Value10 documents7 sources

Severity

6.2MEDIUMNVD

OSV5.5

EPSS

0.0%

top 92.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Libvirt Debian Libvirt Msrc Azl3 Libvirt 10.0.0-5 ON Azure Linux 3.0 +4 more

Timeline

PublishedMar 21

Latest updateApr 29

Description

A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length check is performed by the C API entry points. Passing a negative length to the g_new0 function results in a crash due to the negative length being treated as a huge positive number. This flaw allows a local, unprivileged user to perform a denial of service attack by causing the libvirt daemon to crash.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.5 | Impact: 3.6

Affected Packages8 packages

▶debiandebian/libvirt< libvirt 9.0.0-4+deb12u1 (bookworm)

▶Debianredhat/libvirt< 7.0.0-3+deb11u3+3

▶Ubunturedhat/libvirt< 6.0.0-0ubuntu8.19+2

▶msrcmsrc/azl3_libvirt_10.0.0-5_on_azure_linux_3.0

▶msrcmsrc/cbl2_libvirt_7.10.0-9_on_cbl_mariner_2.0

🔴Vulnerability Details

OSV

libvirt vulnerabilities↗2024-04-29

▶

OSV

libvirt vulnerabilities↗2024-04-15

▶

GHSA

GHSA-h9fq-4hj4-g596: A flaw was found in the RPC library APIs of libvirt↗2024-03-21

▶

OSV

CVE-2024-2494: A flaw was found in the RPC library APIs of libvirt↗2024-03-21

▶

📋Vendor Advisories

Ubuntu

libvirt vulnerabilities↗2024-04-29

▶

Ubuntu

libvirt vulnerabilities↗2024-04-15

▶

Red Hat

libvirt: negative g_new0 length can lead to unbounded memory allocation↗2024-03-21

▶

Microsoft

Libvirt: negative g_new0 length can lead to unbounded memory allocation↗2024-03-12

▶

Debian

CVE-2024-2494: libvirt - A flaw was found in the RPC library APIs of libvirt. The RPC server deserializat...↗2024

▶