CVE-2024-2496 Libvirt: null pointer dereference in udevconnectlistallinterfaces()

🗓️ 18 Mar 2024 12:54:17Reported by redhatType

CVE-2024-2496 Libvirt null pointer dereference in udevconnectlistallinterfaces A NULL pointer dereference flaw was found in the udevConnectListAllInterfaces() function in libvirt. This issue can occur when detaching a host interface while at the same time collecting the list of interfaces via virConnectListAllInterfaces API. This flaw could be used to perform a denial of service attack by causing the libvirt daemon to crash

Reporter	Title	Published	Views	Family All 87
Tenable Nessus	Amazon Linux 2 : libvirt (ALAS-2024-2513)	18 Apr 202400:00	–	nessus
Tenable Nessus	Debian dla-3778 : libnss-libvirt - security update	1 Apr 202400:00	–	nessus
Tenable Nessus	EulerOS Virtualization 2.10.0 : libvirt (EulerOS-SA-2024-1997)	18 Jul 202400:00	–	nessus
Tenable Nessus	EulerOS Virtualization 2.10.1 : libvirt (EulerOS-SA-2024-2015)	18 Jul 202400:00	–	nessus
Tenable Nessus	EulerOS Virtualization 2.11.1 : libvirt (EulerOS-SA-2024-2175)	21 Aug 202400:00	–	nessus
Tenable Nessus	EulerOS Virtualization 2.11.0 : libvirt (EulerOS-SA-2024-2202)	20 Aug 202400:00	–	nessus
Tenable Nessus	Fedora 38 : libvirt (2024-1a59230214)	27 Mar 202400:00	–	nessus
Tenable Nessus	Fedora 39 : libvirt (2024-d96cdeb8ec)	20 Mar 202400:00	–	nessus
Tenable Nessus	CBL Mariner 2.0 Security Update: libvirt (CVE-2024-2496)	2 Jul 202400:00	–	nessus
Tenable Nessus	MiracleLinux 9 : libvirt-10.0.0-6.2.el9.ML.1 (AXSA:2024-8065:03)	20 Jan 202600:00	–	nessus

[
  {
    "versions": [
      {
        "status": "affected",
        "version": "9.0.0",
        "lessThan": "9.7.0",
        "versionType": "semver"
      }
    ],
    "packageName": "libvirt",
    "collectionURL": "https://gitlab.com/libvirt/libvirt/",
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "libvirt",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:10.0.0-6.el9_4",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:enterprise_linux:9::appstream",
      "cpe:/a:redhat:enterprise_linux:9::crb"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 6",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "libvirt",
    "defaultStatus": "unknown",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:6"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 7",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "libvirt",
    "defaultStatus": "unknown",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:7"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "virt:rhel/libvirt",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8 Advanced Virtualization",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "virt:av/libvirt",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:advanced_virtualization:8::el8"
    ]
  }
]

Source	Link
access	www.access.redhat.com/errata/RHSA-2024:2236
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
access	www.access.redhat.com/security/cve/CVE-2024-2496

08 Nov 2025 06:49Current

5.5Medium risk

Vulners AI Score5.5

CVSS 3.15

EPSS0.0025

CWE-476