alpinelinux | Alpine Linux Development Team | ALPINE:CVE-2024-8235
History: Aug 30, 2024 - 5:15 p.m.

CVE-2024-8235

2024-08-30 17:15:15
Alpine Linux Development Team
security.alpinelinux.org
libvirt, code flaw, virtinterfaced, daemon crash, null pointer, socket vulnerability, unix

CVSS3: 6.2

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score: 7
Confidence: Low

A flaw was found in libvirt. A refactor of the code fetching the list of interfaces for multiple APIs introduced a corner case on platforms where allocating 0 bytes of memory results in a NULL pointer. This corner case would lead to a NULL-pointer dereference and subsequent crash of virtinterfaced. This issue could allow clients connecting to the read-only socket to crash the virtinterfaced daemon.

OS      Version         Architecture  Package  Version      Filename
Alpine  edge-community  noarch        libvirt  < 10.7.0-r0  UNKNOWN
Alpine  3.20-community  noarch        libvirt  < 10.7.0-r0  UNKNOWN
