Lucene search

CVE-2024-2494

🗓️ 21 Mar 2024 14:10:15Reported by redhatType

Flaw in RPC library APIs of libvirt causing denial of servic

Reporter	Title	Published	Views	Family All 73
Tenable Nessus	RHEL 8 : virt:rhel and virt-devel:rhel (RHSA-2024:3253)	23 May 202400:00	–	nessus
Tenable Nessus	SUSE SLES12 Security Update : libvirt (SUSE-SU-2024:1083-1)	3 Apr 202400:00	–	nessus
Tenable Nessus	CBL Mariner 2.0 Security Update: libvirt (CVE-2024-2494)	3 Jul 202400:00	–	nessus
Tenable Nessus	Rocky Linux 8 : virt:rhel and virt-devel:rhel (RLSA-2024:3253)	14 Jun 202400:00	–	nessus
Tenable Nessus	SUSE SLES15 Security Update : libvirt (SUSE-SU-2024:1078-1)	2 Apr 202400:00	–	nessus
Tenable Nessus	SUSE SLES15 Security Update : libvirt (SUSE-SU-2024:1100-1)	9 Apr 202400:00	–	nessus
Tenable Nessus	Photon OS 5.0: Libvirt PHSA-2024-5.0-0246	23 Jul 202400:00	–	nessus
Tenable Nessus	Photon OS 3.0: Libvirt PHSA-2024-3.0-0749	8 Aug 202400:00	–	nessus
Tenable Nessus	Rocky Linux 9 : libvirt (RLSA-2024:2560)	14 May 202400:00	–	nessus
Tenable Nessus	Oracle Linux 9 : libvirt (ELSA-2024-2560)	7 May 202400:00	–	nessus

[
  {
    "versions": [
      {
        "status": "affected",
        "version": "9.0.0",
        "lessThan": "9.7.0",
        "versionType": "semver"
      }
    ],
    "packageName": "libvirt",
    "collectionURL": "https://gitlab.com/libvirt/libvirt/",
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "virt-devel:rhel",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "8100020240409073027.489197e6",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:enterprise_linux:8::appstream",
      "cpe:/a:redhat:enterprise_linux:8::crb"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "virt:rhel",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "8100020240409073027.489197e6",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:enterprise_linux:8::appstream",
      "cpe:/a:redhat:enterprise_linux:8::crb"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "libvirt",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:10.0.0-6.2.el9_4",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:enterprise_linux:9::appstream",
      "cpe:/a:redhat:enterprise_linux:9::crb"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 6",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "libvirt",
    "defaultStatus": "unknown",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:6"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 7",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "libvirt",
    "defaultStatus": "unknown",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:7"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8 Advanced Virtualization",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "virt:av/libvirt",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:advanced_virtualization:8::el8"
    ]
  }
]

Source	Link
access	www.access.redhat.com/errata/RHSA-2024:3253
access	www.access.redhat.com/security/cve/CVE-2024-2494
lists	www.lists.libvirt.org/archives/list/[email protected]/thread/BKRQXPLPC6B7FLHJXSBQYW7HNDEBW6RJ/
access	www.access.redhat.com/errata/RHSA-2024:2560
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
security	www.security.netapp.com/advisory/ntap-20240517-0009/
lists	www.lists.debian.org/debian-lts-announce/2024/04/msg00000.html

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

21 Mar 2024 14:15Current

6.4Medium risk

Vulners AI Score6.4

CVSS36.2

EPSS0.001

SSVC

CWE-789