3821 matches found

BDU FSTEC
added 2024/04/01 12:0 a.m. | 4 views

The vulnerability of the Libvirt virtualization management library, related to the incorrect assignment of permissions to critical resources, allows a hacker to gain access to confidential information.

The vulnerability of the Libvirt virtualization management library is related to the creation of SELinux MCS category pairs for dynamic virtual machine tags. Exploiting this vulnerability can allow a malicious actor to gain access to confidential information...

6.3 CVSS | 6.8 AI score | 0.00493 EPSS
Exploits 1 | References 5 | Affected Software 3

Tenable Nessus
added 2024/04/01 12:0 a.m. | 37 views

Debian dla-3778 : libnss-libvirt - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3778 advisory. Debian LTS Advisory DLA-3778-1 [email protected]...

7.2 CVSS | 6.7 AI score | 0.02363 EPSS
Exploits 2 | References 24

OSV
added 2024/04/01 12:0 a.m. | 39 views

DLA-3778-1 libvirt - security update

Bulletin has no description...

7.2 CVSS | 6.4 AI score | 0.02363 EPSS
Exploits 2

Fedora
added 2024/03/31 12:22 a.m. | 11 views

[SECURITY] Fedora 40 Update: libvirt-sandbox-0.8.0-15.fc40

This package provides a command for running applications within a sandbox using libvirt...

7.5 AI score
Exploits 0

BDU FSTEC
added 2024/03/29 12:0 a.m. | 3 views

The vulnerability of the g_new0() function in the virtualization management library Libvirt, which allows a hacker to trigger a service failure

The vulnerability of the g_new0 function in the Libvirt virtualization management library is related to an improper check of the negative length of an array before memory allocation. Exploiting this vulnerability could allow an attacker to cause a service failure...

6.2 CVSS | 6.4 AI score | 0.00364 EPSS
Exploits 0 | References 12 | Affected Software 6

Redos
added 2024/03/29 12:0 a.m. | 72 views

ROS-20240329-20

Vulnerability in the virNWFilterObjListNumOfNWFilters method of the Libvirt virtualization management library is due to insufficient blocking. Exploitation of the vulnerability allows an attacker acting remotely to cause a denial of service. Vulnerability in virStoragePoolLookupByTargetPath API...

6.5 CVSS | 5.3 AI score | 0.01334 EPSS
Exploits 1

Fedora
added 2024/03/28 1:43 a.m. | 35 views

[SECURITY] Fedora 38 Update: libvirt-9.0.0-5.fc38

Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux and other OSes. The main package includes the libvirtd server exporting the virtualization support...

5.5 CVSS | 6.8 AI score | 0.00398 EPSS
Exploits 0

OpenVAS
added 2024/03/28 12:0 a.m. | 20 views

Fedora: Security Advisory for libvirt (FEDORA-2024-1a59230214)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

5.5 CVSS | 6.5 AI score | 0.00398 EPSS
Exploits 0 | References 2

Tenable Nessus
added 2024/03/28 12:0 a.m. | 32 views

SUSE SLES12 Security Update : libvirt (SUSE-SU-2024:1005-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1005-1 advisory. - An off-by-one error flaw was found in the udevListInterfacesByStatus function in libvirt when the number of interfaces exceeds th...

5.5 CVSS | 6.4 AI score | 0.00398 EPSS
Exploits 0 | References 7

OSV
added 2024/03/27 8:21 a.m. | 7 views

SUSE-SU-2024:1005-1 Security update for libvirt

This update for libvirt fixes the following issues: - CVE-2024-2496: Fixed NULL pointer dereference in udevConnectListAllInterfaces (bsc#1221468). - CVE-2024-1441: Fix off-by-one error in udevListInterfacesByStatus (bsc#1221237)...

5.5 CVSS | 7.2 AI score | 0.00398 EPSS
Exploits 0 | References 5

Tenable Nessus
added 2024/03/27 12:0 a.m. | 41 views

Fedora 38 : libvirt (2024-1a59230214)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-1a59230214 advisory. Fix crash listing interfaces with missing link status attribute rhbz 2266014 Fix crash listing interfaces with missized array CVE-2024-1441 Tenable...

5.5 CVSS | 6.6 AI score | 0.00398 EPSS
Exploits 0 | References 3

OpenVAS
added 2024/03/25 12:0 a.m. | 29 views

Fedora: Security Advisory (FEDORA-2024-d96cdeb8ec)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

5.5 CVSS | 6.5 AI score | 0.00398 EPSS
Exploits 0 | References 5

SUSE CVE
added 2024/03/22 4:18 a.m. | 1 views

SUSE CVE-2024-2494

A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length check is performed by the C API entry points. Passing a negative length to the g_new0 function results in a crash due to the negative length being...

5.5 CVSS | 5.6 AI score | 0.00364 EPSS
Exploits 0 | References 7

OSV
added 2024/03/21 2:15 p.m. | 4 views

AZL-38665 CVE-2024-2494 affecting package libvirt for versions less than 10.0.0-4

A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length check is performed by the C API entry points. Passing a negative length to the g_new0 function results in a crash due to the negative length being...

6.2 CVSS | 6.6 AI score | 0.00364 EPSS
Exploits 0 | References 1

OSV
added 2024/03/21 2:15 p.m. | 4 views

AZL-37110 CVE-2024-2494 affecting package libvirt for versions less than 7.10.0-9

A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length check is performed by the C API entry points. Passing a negative length to the g_new0 function results in a crash due to the negative length being...

6.2 CVSS | 6.6 AI score | 0.00364 EPSS
Exploits 0 | References 1

NVD
added 2024/03/21 2:15 p.m. | 40 views

CVE-2024-2494

A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length check is performed by the C API entry points. Passing a negative length to the g_new0 function results in a crash due to the negative length being...

6.2 CVSS | 6.3 AI score | 0.00364 EPSS
Exploits 0 | References 7

OSV
added 2024/03/21 2:15 p.m. | 8 views

CVE-2024-2494

A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length check is performed by the C API entry points. Passing a negative length to the g_new0 function results in a crash due to the negative length being...

6.2 CVSS | 6.3 AI score | 0.00364 EPSS
Exploits 0 | References 7

OSV
added 2024/03/21 2:15 p.m. | 0 views

DEBIAN-CVE-2024-2494

A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length check is performed by the C API entry points. Passing a negative length to the g_new0 function results in a crash due to the negative length being...

6.2 CVSS | 6.4 AI score | 0.00364 EPSS
Exploits 0 | References 1

Vulnrichment
added 2024/03/21 1:39 p.m. | 27 views

CVE-2024-2494 Libvirt: negative g_new0 length can lead to unbounded memory allocation

A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length check is performed by the C API entry points. Passing a negative length to the g_new0 function results in a crash due to the negative length being...

6.2 CVSS | 6.7 AI score | 0.00364 EPSS
Exploits 0 | References 5

CVE
added 2024/03/21 1:39 p.m. | 254 views

CVE-2024-2494

CVE-2024-2494 affects libvirt RPC library APIs: during server deserialization, memory for arrays is allocated before non-negative length checks, so passing a negative length to g_new0 crashes the libvirt daemon. This vulnerability can allow a local, unprivileged user to trigger a denial of servic...

6.2 CVSS | 6.4 AI score | 0.00364 EPSS
Exploits 0 | References 7