Lucene search

RedosROS-20240607-04

HistoryJun 07, 2024 - 12:00 a.m.

ROS-20240607-04

2024-06-0700:00:00

redos.red-soft.ru

libvirt

virtualization management

vulnerability

virnetclientioeventloop

exploitation

restricted access

virtproxyd

authentication

unix

6.2 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.6%

JSON

Vulnerability of the virNetClientIOEventLoop() method of the Libvirt virtualization management library is related to
incorrect execution of the data pointer to the structure virNetClientIOEventLoop() in the virNetClientIOEventLoop() method
virNetClientIOIOEventData. Exploitation of the vulnerability allows an attacker to escape restricted access and
gain access to virtproxyd without authentication

OSVersionArchitecturePackageVersionFilename
redos7.3x86_64libvirt<= 7.6.0-7UNKNOWN

OS	Version	Architecture	Package	Version	Filename
redos	7.3	x86_64	libvirt	<= 7.6.0-7	UNKNOWN

6.2 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.6%

JSON

Related for ROS-20240607-04