CVE-2024-8235 Libvirt: crash of virtinterfaced via virconnectlistinterfaces()

🗓️ 30 Aug 2024 16:16:57Reported by redhatType

Flaw in Libvirt causing virtinterfaced crash via virconnectlistinterfaces(

Reporter	Title	Published	Views	Family All 40
AlpineLinux	CVE-2024-8235	30 Aug 202416:16	–	alpinelinux
AlmaLinux	Moderate: libvirt security update	12 Nov 202400:00	–	almalinux
AstraLinux	Astra Linux – Vulnerability in libvirt	23 Nov 202403:04	–	astralinux
BDU FSTEC	The vulnerability of the Libvirt virtualization management library, related to the assignment of the null pointer, allows a attacker to trigger a service failure.	13 Sep 202400:00	–	bdu_fstec
Circl	CVE-2024-8235	30 Aug 202419:49	–	circl
CNNVD	libvirt 代码问题漏洞	29 Aug 202400:00	–	cnnvd
CVE	CVE-2024-8235	30 Aug 202416:16	–	cve
Debian CVE	CVE-2024-8235	30 Aug 202416:16	–	debiancve
Oracle linux	libvirt security update	14 Nov 202400:00	–	oraclelinux
EUVD	EUVD-2024-49040	3 Oct 202520:07	–	euvd

[
  {
    "versions": [
      {
        "status": "affected",
        "version": "10.4.0",
        "lessThan": "10.7.0",
        "versionType": "semver"
      }
    ],
    "packageName": "libvirt",
    "collectionURL": "https://gitlab.com/libvirt/libvirt",
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "libvirt",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:10.5.0-7.el9_5",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:enterprise_linux:9::appstream",
      "cpe:/a:redhat:enterprise_linux:9::crb"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 10",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "libvirt",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:10"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 6",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "libvirt",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:6"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 7",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "libvirt",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:7"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "virt:rhel/libvirt",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8 Advanced Virtualization",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "virt:av/libvirt",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/a:redhat:advanced_virtualization:8::el8"
    ]
  }
]

Source	Link
access	www.access.redhat.com/security/cve/CVE-2024-8235
lists	www.lists.libvirt.org/archives/list/[email protected]/thread/X6WOVCL6QF3FQRFIIXL736RFZVSUWLWJ/
access	www.access.redhat.com/errata/RHSA-2024:9128
bugzilla	www.bugzilla.redhat.com/show_bug.cgi

08 Nov 2025 07:13Current

CVSS 3.16.2

EPSS0.00077

CWE-476