osv / Google / OSV:ALSA-2024:4351
History: Jul 08, 2024 - 12:00 a.m.

Low: virt:rhel and virt-devel:rhel security and bug fix update

2024-07-08 00:00:00
Google
osv.dev
8
kvm
virtualization
linux
security fix
bug fix
libvirt
cve-2024-4418
virsh
jira:almalinux-36064
api
hardware platform

CVSS3: 6.2

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score: 6.7 (Confidence: Low)

EPSS: 0 (Percentile: 16.3%)

Kernel-based Virtual Machine (KVM) offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems.

Security Fix:

  • virt:rhel/libvirt: stack use-after-free in virNetClientIOEventLoop (CVE-2024-4418)

Bug fix:

  • virsh destroy with --graceful destroyed a paused guest (qemu process paused by SIGSTOP) (JIRA:AlmaLinux-36064)
