Lucene search

CVE-2024-4418

🗓️ 08 May 2024 03:07:15Reported by redhatType

A race condition in libvirt `virNetClientIOEventLoop()` method leads to a stack use-after-free flaw, enabling unauthenticated local access to virtproxyd, and potential access escape under fine-grained access control

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 81
OSV	ALSA-2024:4351 Low: virt:rhel and virt-devel:rhel security and bug fix update	8 Jul 202400:00	–	osv
OSV	RHSA-2024:4351 Red Hat Security Advisory: virt:rhel and virt-devel:rhel security and bug fix update	13 Sep 202421:32	–	osv
OSV	RHSA-2024:4432 Red Hat Security Advisory: libvirt security update	13 Sep 202421:31	–	osv
OSV	CVE-2024-4418	8 May 202403:15	–	osv
OSV	RLSA-2024:4351 Low: virt:rhel and virt-devel:rhel security and bug fix update	15 Jul 202412:17	–	osv
OSV	SUSE-SU-2024:1962-1 Security update for libvirt	10 Jun 202411:09	–	osv
OSV	USN-6763-1 libvirt vulnerability	7 May 202411:21	–	osv
OSV	OPENSUSE-SU-2024:13948-1 libvirt-10.3.0-2.1 on GA media	15 Jun 202400:00	–	osv
OSV	UBUNTU-CVE-2024-4418	5 May 202400:00	–	osv
OSV	RHSA-2024:4757 Red Hat Security Advisory: libvirt security update	13 Sep 202421:33	–	osv

[
  {
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "10.4.0",
        "versionType": "semver"
      }
    ],
    "packageName": "libvirt",
    "collectionURL": "https://gitlab.com/libvirt/libvirt",
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "virt-devel:rhel",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "8100020240606142719.489197e6",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:enterprise_linux:8::appstream",
      "cpe:/a:redhat:enterprise_linux:8::crb"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "virt:rhel",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "8100020240606142719.489197e6",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:enterprise_linux:8::appstream",
      "cpe:/a:redhat:enterprise_linux:8::crb"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "libvirt",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:10.0.0-6.6.el9_4",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:enterprise_linux:9::crb",
      "cpe:/a:redhat:enterprise_linux:9::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "libvirt",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:9.0.0-10.7.el9_2",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:rhel_eus:9.2::appstream",
      "cpe:/a:redhat:rhel_eus:9.2::crb"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 6",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "libvirt",
    "defaultStatus": "unknown",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:6"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 7",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "libvirt",
    "defaultStatus": "unknown",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:7"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8 Advanced Virtualization",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "virt:av/libvirt",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:advanced_virtualization:8::el8"
    ]
  }
]

Source	Link
access	www.access.redhat.com/errata/RHSA-2024:4351
access	www.access.redhat.com/security/cve/CVE-2024-4418
access	www.access.redhat.com/errata/RHSA-2024:4757
access	www.access.redhat.com/errata/RHSA-2024:4432
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
lists	www.lists.fedoraproject.org/archives/list/[email protected]/message/4IE44UIIC3QWBFRB4EUSFNLJBU6JLNSD/
security	www.security.netapp.com/advisory/ntap-20250411-0002/
lists	www.lists.fedoraproject.org/archives/list/[email protected]/message/Q4ZQBAJVHIZMCZNTRPUW3ZKXRKLXRQZU/

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

08 May 2024 03:15Current

6.2Medium risk

Vulners AI Score6.2

CVSS36.2

EPSS0.00173

SSVC

CWE-416