CVE-2024-8235

2024-08-3017:15:15

Debian Security Bug Tracker

security-tracker.debian.org

libvirt

flaw

virtinterfaced

CVSS3

6.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.1

Confidence

Low

JSON

A flaw was found in libvirt. A refactor of the code fetching the list of interfaces for multiple APIs introduced a corner case on platforms where allocating 0 bytes of memory results in a NULL pointer. This corner case would lead to a NULL-pointer dereference and subsequent crash of virtinterfaced. This issue could allow clients connecting to the read-only socket to crash the virtinterfaced daemon.

OSVersionArchitecturePackageVersionFilename
Debian12alllibvirt< 9.0.0-4+deb12u1libvirt_9.0.0-4+deb12u1_all.deb
Debian11alllibvirt< 7.0.0-3+deb11u3libvirt_7.0.0-3+deb11u3_all.deb
Debian999alllibvirt< 10.7.0-1libvirt_10.7.0-1_all.deb
Debian13alllibvirt< 10.7.0-1libvirt_10.7.0-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	libvirt	< 9.0.0-4+deb12u1	libvirt_9.0.0-4+deb12u1_all.deb
Debian	11	all	libvirt	< 7.0.0-3+deb11u3	libvirt_7.0.0-3+deb11u3_all.deb
Debian	999	all	libvirt	< 10.7.0-1	libvirt_10.7.0-1_all.deb
Debian	13	all	libvirt	< 10.7.0-1	libvirt_10.7.0-1_all.deb