THREATINT

We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Fathom (Privacy friendly web analytics)
Zendesk (Helpdesk and Chat)

Ok

Home | EN
Support
CVE
PUBLISHED

CVE-2024-4418

Libvirt: stack use-after-free in virnetclientioeventloop()

Assignerredhat
Reserved2024-05-02
Published2024-05-08
Updated2024-07-09

Description

A race condition leading to a stack use-after-free flaw was found in libvirt. Due to a bad assumption in the virNetClientIOEventLoop() method, the `data` pointer to a stack-allocated virNetClientIOEventData structure ended up being used in the virNetClientIOEventFD callback while the data pointer's stack frame was concurrently being "freed" when returning from virNetClientIOEventLoop(). The 'virtproxyd' daemon can be used to trigger requests. If libvirt is configured with fine-grained access control, this issue, in theory, allows a user to escape their otherwise limited access. This flaw allows a local, unprivileged user to access virtproxyd without authenticating. Remote users would need to authenticate before they could access it.



MEDIUM: 6.2CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Problem types

Use After Free

Product status

Default status
affected

8100020240606142719.489197e6 before *
unaffected

Default status
affected

8100020240606142719.489197e6 before *
unaffected

Default status
affected

0:9.0.0-10.7.el9_2 before *
unaffected

Default status
unknown

Default status
unknown

Default status
affected

Default status
affected

Timeline

2024-05-02:Reported to Red Hat.
2024-05-02:Made public.

Credits

Red Hat would like to thank Martin Širokov for reporting this issue.

References

https://access.redhat.com/errata/RHSA-2024:4351 (RHSA-2024:4351) vendor-advisory

https://access.redhat.com/errata/RHSA-2024:4432 (RHSA-2024:4432) vendor-advisory

https://access.redhat.com/security/cve/CVE-2024-4418 vdb-entry

https://bugzilla.redhat.com/show_bug.cgi?id=2278616 (RHBZ#2278616) issue-tracking

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4IE44UIIC3QWBFRB4EUSFNLJBU6JLNSD/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q4ZQBAJVHIZMCZNTRPUW3ZKXRKLXRQZU/

cve.org CVE-2024-4418

nvd.nist.gov CVE-2024-4418

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-4418
© Copyright 2024 THREATINT. Made in Cyprus with +