OESA-2024-1469
- Source
- https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1469
- Import Source
- https://repo.openeuler.org/security/data/osv/OESA-2024-1469.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/OESA-2024-1469
- Upstream
- Published
- 2024-04-19T11:07:46Z
- Modified
- 2025-08-12T05:41:23.167337Z
- Summary
- libvirt security update
- Details
-
Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux (and other OSes). The main package includes the libvirtd server exporting the virtualization support.
Security Fix(es):
An off-by-one error flaw was found in the udevListInterfacesByStatus() function in libvirt when the number of interfaces exceeds the size of the
namesarray. This issue can be reproduced by sending specially crafted data to the libvirt daemon, allowing an unprivileged client to perform a denial of service attack by causing the libvirt daemon to crash.(CVE-2024-1441)A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length check is performed by the C API entry points. Passing a negative length to the g_new0 function results in a crash due to the negative length being treated as a huge positive number. This flaw allows a local, unprivileged user to perform a denial of service attack by causing the libvirt daemon to crash.(CVE-2024-2494)
- Database specific
{ "severity": "Medium" }- References
Affected packages
openEuler:20.03-LTS-SP4 / libvirt
Package
- Name
- libvirt
- Purl
- pkg:rpm/openEuler/libvirt&distro=openEuler-20.03-LTS-SP4
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6.2.0-24.oe2003sp4
Ecosystem specific
{
"aarch64": [
"libvirt-daemon-driver-qemu-6.2.0-24.oe2003sp4.aarch64.rpm",
"libvirt-daemon-driver-storage-6.2.0-24.oe2003sp4.aarch64.rpm",
"libvirt-daemon-driver-storage-rbd-6.2.0-24.oe2003sp4.aarch64.rpm",
"libvirt-daemon-config-network-6.2.0-24.oe2003sp4.aarch64.rpm",
"libvirt-admin-6.2.0-24.oe2003sp4.aarch64.rpm",
"libvirt-daemon-driver-storage-iscsi-direct-6.2.0-24.oe2003sp4.aarch64.rpm",
"libvirt-bash-completion-6.2.0-24.oe2003sp4.aarch64.rpm",
"libvirt-daemon-driver-storage-mpath-6.2.0-24.oe2003sp4.aarch64.rpm",
"libvirt-daemon-kvm-6.2.0-24.oe2003sp4.aarch64.rpm",
"libvirt-daemon-driver-interface-6.2.0-24.oe2003sp4.aarch64.rpm",
"libvirt-daemon-driver-storage-logical-6.2.0-24.oe2003sp4.aarch64.rpm",
"libvirt-daemon-config-nwfilter-6.2.0-24.oe2003sp4.aarch64.rpm",
"libvirt-daemon-driver-storage-core-6.2.0-24.oe2003sp4.aarch64.rpm",
"libvirt-devel-6.2.0-24.oe2003sp4.aarch64.rpm",
"libvirt-daemon-driver-storage-gluster-6.2.0-24.oe2003sp4.aarch64.rpm",
"libvirt-daemon-driver-secret-6.2.0-24.oe2003sp4.aarch64.rpm",
"libvirt-nss-6.2.0-24.oe2003sp4.aarch64.rpm",
"libvirt-6.2.0-24.oe2003sp4.aarch64.rpm",
"libvirt-docs-6.2.0-24.oe2003sp4.aarch64.rpm",
"libvirt-daemon-driver-nodedev-6.2.0-24.oe2003sp4.aarch64.rpm",
"libvirt-debugsource-6.2.0-24.oe2003sp4.aarch64.rpm",
"libvirt-libs-6.2.0-24.oe2003sp4.aarch64.rpm",
"libvirt-daemon-driver-storage-disk-6.2.0-24.oe2003sp4.aarch64.rpm",
"libvirt-daemon-qemu-6.2.0-24.oe2003sp4.aarch64.rpm",
"libvirt-daemon-driver-nwfilter-6.2.0-24.oe2003sp4.aarch64.rpm",
"libvirt-client-6.2.0-24.oe2003sp4.aarch64.rpm",
"libvirt-lock-sanlock-6.2.0-24.oe2003sp4.aarch64.rpm",
"libvirt-daemon-driver-storage-scsi-6.2.0-24.oe2003sp4.aarch64.rpm",
"libvirt-daemon-driver-network-6.2.0-24.oe2003sp4.aarch64.rpm",
"libvirt-daemon-6.2.0-24.oe2003sp4.aarch64.rpm",
"libvirt-debuginfo-6.2.0-24.oe2003sp4.aarch64.rpm",
"libvirt-wireshark-6.2.0-24.oe2003sp4.aarch64.rpm",
"libvirt-daemon-driver-storage-iscsi-6.2.0-24.oe2003sp4.aarch64.rpm"
],
"x86_64": [
"libvirt-wireshark-6.2.0-24.oe2003sp4.x86_64.rpm",
"libvirt-daemon-driver-nwfilter-6.2.0-24.oe2003sp4.x86_64.rpm",
"libvirt-lock-sanlock-6.2.0-24.oe2003sp4.x86_64.rpm",
"libvirt-daemon-6.2.0-24.oe2003sp4.x86_64.rpm",
"libvirt-daemon-driver-storage-scsi-6.2.0-24.oe2003sp4.x86_64.rpm",
"libvirt-daemon-driver-storage-mpath-6.2.0-24.oe2003sp4.x86_64.rpm",
"libvirt-daemon-driver-storage-iscsi-direct-6.2.0-24.oe2003sp4.x86_64.rpm",
"libvirt-client-6.2.0-24.oe2003sp4.x86_64.rpm",
"libvirt-daemon-driver-network-6.2.0-24.oe2003sp4.x86_64.rpm",
"libvirt-daemon-driver-secret-6.2.0-24.oe2003sp4.x86_64.rpm",
"libvirt-admin-6.2.0-24.oe2003sp4.x86_64.rpm",
"libvirt-devel-6.2.0-24.oe2003sp4.x86_64.rpm",
"libvirt-6.2.0-24.oe2003sp4.x86_64.rpm",
"libvirt-daemon-driver-qemu-6.2.0-24.oe2003sp4.x86_64.rpm",
"libvirt-daemon-driver-storage-6.2.0-24.oe2003sp4.x86_64.rpm",
"libvirt-docs-6.2.0-24.oe2003sp4.x86_64.rpm",
"libvirt-daemon-driver-storage-iscsi-6.2.0-24.oe2003sp4.x86_64.rpm",
"libvirt-daemon-driver-storage-disk-6.2.0-24.oe2003sp4.x86_64.rpm",
"libvirt-daemon-config-network-6.2.0-24.oe2003sp4.x86_64.rpm",
"libvirt-daemon-driver-nodedev-6.2.0-24.oe2003sp4.x86_64.rpm",
"libvirt-daemon-qemu-6.2.0-24.oe2003sp4.x86_64.rpm",
"libvirt-debugsource-6.2.0-24.oe2003sp4.x86_64.rpm",
"libvirt-daemon-driver-storage-gluster-6.2.0-24.oe2003sp4.x86_64.rpm",
"libvirt-libs-6.2.0-24.oe2003sp4.x86_64.rpm",
"libvirt-daemon-driver-interface-6.2.0-24.oe2003sp4.x86_64.rpm",
"libvirt-nss-6.2.0-24.oe2003sp4.x86_64.rpm",
"libvirt-daemon-kvm-6.2.0-24.oe2003sp4.x86_64.rpm",
"libvirt-daemon-driver-storage-rbd-6.2.0-24.oe2003sp4.x86_64.rpm",
"libvirt-daemon-config-nwfilter-6.2.0-24.oe2003sp4.x86_64.rpm",
"libvirt-daemon-driver-storage-logical-6.2.0-24.oe2003sp4.x86_64.rpm",
"libvirt-debuginfo-6.2.0-24.oe2003sp4.x86_64.rpm",
"libvirt-bash-completion-6.2.0-24.oe2003sp4.x86_64.rpm",
"libvirt-daemon-driver-storage-core-6.2.0-24.oe2003sp4.x86_64.rpm"
],
"src": [
"libvirt-6.2.0-24.oe2003sp4.src.rpm"
]
}