(RHSA-2024:4757) Moderate: libvirt security update

2024-07-2315:13:18

access.redhat.com

kvm

libvirt

security update

virtualization

cve-2024-4418

stack use-after-free

CVSS3

6.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

Confidence

High

JSON

Kernel-based Virtual Machine (KVM) offers a full virtualization solution forLinux on numerous hardware platforms. The virt:rhel module contains packageswhich provide user-space components used to run virtual machines using KVM.The packages also provide APIs for managing and interacting with the virtualized systems.

Security Fix(es):

libvirt: stack use-after-free in virNetClientIOEventLoop() (CVE-2024-4418)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHat9x86_64libvirt-daemon-plugin-sanlock< 10.0.0-6.6.el9_4libvirt-daemon-plugin-sanlock-10.0.0-6.6.el9_4.x86_64.rpm
RedHat9s390xlibvirt-daemon-plugin-lockd-debuginfo< 10.0.0-6.6.el9_4libvirt-daemon-plugin-lockd-debuginfo-10.0.0-6.6.el9_4.s390x.rpm
RedHat9s390xlibvirt-daemon-driver-nwfilter-debuginfo< 10.0.0-6.6.el9_4libvirt-daemon-driver-nwfilter-debuginfo-10.0.0-6.6.el9_4.s390x.rpm
RedHat9x86_64libvirt-daemon-driver-nwfilter< 10.0.0-6.6.el9_4libvirt-daemon-driver-nwfilter-10.0.0-6.6.el9_4.x86_64.rpm
RedHat9aarch64libvirt-client-qemu< 10.0.0-6.6.el9_4libvirt-client-qemu-10.0.0-6.6.el9_4.aarch64.rpm
RedHat9x86_64libvirt-docs< 10.0.0-6.6.el9_4libvirt-docs-10.0.0-6.6.el9_4.x86_64.rpm
RedHat9x86_64libvirt-daemon-driver-qemu< 10.0.0-6.6.el9_4libvirt-daemon-driver-qemu-10.0.0-6.6.el9_4.x86_64.rpm
RedHat9aarch64libvirt-daemon-driver-storage-scsi-debuginfo< 10.0.0-6.6.el9_4libvirt-daemon-driver-storage-scsi-debuginfo-10.0.0-6.6.el9_4.aarch64.rpm
RedHat9x86_64libvirt-daemon-driver-storage-iscsi< 10.0.0-6.6.el9_4libvirt-daemon-driver-storage-iscsi-10.0.0-6.6.el9_4.x86_64.rpm
RedHat9s390xlibvirt-daemon-driver-storage-mpath< 10.0.0-6.6.el9_4libvirt-daemon-driver-storage-mpath-10.0.0-6.6.el9_4.s390x.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	9	x86_64	libvirt-daemon-plugin-sanlock	< 10.0.0-6.6.el9_4	libvirt-daemon-plugin-sanlock-10.0.0-6.6.el9_4.x86_64.rpm
RedHat	9	s390x	libvirt-daemon-plugin-lockd-debuginfo	< 10.0.0-6.6.el9_4	libvirt-daemon-plugin-lockd-debuginfo-10.0.0-6.6.el9_4.s390x.rpm
RedHat	9	s390x	libvirt-daemon-driver-nwfilter-debuginfo	< 10.0.0-6.6.el9_4	libvirt-daemon-driver-nwfilter-debuginfo-10.0.0-6.6.el9_4.s390x.rpm
RedHat	9	x86_64	libvirt-daemon-driver-nwfilter	< 10.0.0-6.6.el9_4	libvirt-daemon-driver-nwfilter-10.0.0-6.6.el9_4.x86_64.rpm
RedHat	9	aarch64	libvirt-client-qemu	< 10.0.0-6.6.el9_4	libvirt-client-qemu-10.0.0-6.6.el9_4.aarch64.rpm
RedHat	9	x86_64	libvirt-docs	< 10.0.0-6.6.el9_4	libvirt-docs-10.0.0-6.6.el9_4.x86_64.rpm
RedHat	9	x86_64	libvirt-daemon-driver-qemu	< 10.0.0-6.6.el9_4	libvirt-daemon-driver-qemu-10.0.0-6.6.el9_4.x86_64.rpm
RedHat	9	aarch64	libvirt-daemon-driver-storage-scsi-debuginfo	< 10.0.0-6.6.el9_4	libvirt-daemon-driver-storage-scsi-debuginfo-10.0.0-6.6.el9_4.aarch64.rpm
RedHat	9	x86_64	libvirt-daemon-driver-storage-iscsi	< 10.0.0-6.6.el9_4	libvirt-daemon-driver-storage-iscsi-10.0.0-6.6.el9_4.x86_64.rpm
RedHat	9	s390x	libvirt-daemon-driver-storage-mpath	< 10.0.0-6.6.el9_4	libvirt-daemon-driver-storage-mpath-10.0.0-6.6.el9_4.s390x.rpm