CVE-2024-2496

CWE-476 — NULL Pointer Dereference9 documents8 sources

Severity

5.5MEDIUM

EPSS

0.0%

top 89.06%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Libvirt Debian Debian Linux Redhat Enterprise Linux

Timeline

PublishedMar 18

Latest updateApr 15

Description

A NULL pointer dereference flaw was found in the udevConnectListAllInterfaces() function in libvirt. This issue can occur when detaching a host interface while at the same time collecting the list of interfaces via virConnectListAllInterfaces API. This flaw could be used to perform a denial of service attack by causing the libvirt daemon to crash.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:HExploitability: 1.3 | Impact: 3.6

Affected Packages2 packages

▶NVDredhat/libvirt< 9.8.0

▶Debianlibvirt< 7.0.0-3+deb11u3+3

Also affects: Debian Linux 10.0, Enterprise Linux 6.0, 7.0, 8.0, 9.0

Patches

Patch: bugzilla.redhat.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

OSV

libvirt vulnerabilities↗2024-04-15

▶

GHSA

GHSA-mfxp-38jc-24qj: A NULL pointer dereference flaw was found in the udevConnectListAllInterfaces() function in libvirt↗2024-03-18

▶

OSV

CVE-2024-2496: A NULL pointer dereference flaw was found in the udevConnectListAllInterfaces() function in libvirt↗2024-03-18

▶

CVEList

Libvirt: null pointer dereference in udevconnectlistallinterfaces()↗2024-03-18

▶

📋Vendor Advisories

Ubuntu

libvirt vulnerabilities↗2024-04-15

▶

Microsoft

Libvirt: null pointer dereference in udevconnectlistallinterfaces()↗2024-03-12

▶

Red Hat

libvirt: NULL pointer dereference in udevConnectListAllInterfaces()↗2024-02-26

▶

Debian

CVE-2024-2496: libvirt - A NULL pointer dereference flaw was found in the udevConnectListAllInterfaces() ...↗2024

▶