MiracleLinux 9 : libvirt-10.0.0-6.6.el9_4.ML.1 (AXSA:2024-8603:05)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8603:05 advisory. libvirt: stack use-after-free in virNetClientIOEventLoop CVE-2024-4418 Tenable has extracted the preceding description block directly from the MiracleLinux...

MiracleLinux 8 : virt:rhel and virt-devel:rhel (AXSA:2024-8558:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8558:01 advisory. Kernel-based Virtual Machine KVM offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which...

TencentOS Server 4: libvirt (TSSA-2024:0961)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0961 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

RLSA-2024:4351 Low: virt:rhel and virt-devel:rhel security and bug fix update

Kernel-based Virtual Machine KVM offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the...

libvirt: stack use-after-free in virNetClientIOEventLoop()

A race condition leading to a stack use-after-free flaw was found in libvirt. Due to a bad assumption in the virNetClientIOEventLoop method, the data pointer to a stack-allocated virNetClientIOEventData structure ended up being used in the virNetClientIOEventFD callback while the data pointer's...

ROS-20240607-04

Vulnerability of the virNetClientIOEventLoop method of the Libvirt virtualization management library is related to incorrect execution of the data pointer to the structure virNetClientIOEventLoop in the virNetClientIOEventLoop method virNetClientIOIOEventData. Exploitation of the vulnerability...

OESA-2024-1683 libvirt security update

Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux and other OSes. The main package includes the libvirtd server exporting the virtualization support. Security Fixes: A race condition leading to a stack use-after-free flaw was found in libvirt. Due...

Libvirt: stack use-after-free in virnetclientioeventloop()

...

Use After Free

libvirt is vulnerable to Use After Free. The vulnerability is due to a race condition in the virNetClientIOEventLoop method, where the data pointer to a stack-allocated structure is used after the stack frame is freed. If libvirt is configured with fine-grained access control, an attacker could...

CVE-2024-4418

A race condition leading to a stack use-after-free flaw was found in libvirt. Due to a bad assumption in the virNetClientIOEventLoop method, the data pointer to a stack-allocated virNetClientIOEventData structure ended up being used in the virNetClientIOEventFD callback while the data pointer's...

AZL-40447 CVE-2024-4418 affecting package libvirt for versions less than 7.10.0-10

A race condition leading to a stack use-after-free flaw was found in libvirt. Due to a bad assumption in the virNetClientIOEventLoop method, the data pointer to a stack-allocated virNetClientIOEventData structure ended up being used in the virNetClientIOEventFD callback while the data pointer's...

CVE-2024-4418

A race condition leading to a stack use-after-free flaw was found in libvirt. Due to a bad assumption in the virNetClientIOEventLoop method, the data pointer to a stack-allocated virNetClientIOEventData structure ended up being used in the virNetClientIOEventFD callback while the data pointer's...