Advisories » MGASA-2024-0163

Updated libvirt packages fix security vulnerability

Publication date: 09 May 2024
Modification date: 09 May 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-2496

Description

A NULL pointer dereference flaw was found in the
udevConnectListAllInterfaces() function in libvirt. This issue can occur
when detaching a host interface while at the same time collecting the
list of interfaces via virConnectListAllInterfaces API. This flaw could
be used to perform a denial of service attack by causing the libvirt
daemon to crash. (CVE-2024-2496)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=33162
• https://lwn.net/Articles/971691/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2496

SRPMS

9/core

• libvirt-9.6.0-1.2.mga9