• CVE-2024-4418

发布时间: 2024年5月31日

修改时间: 2024年10月31日

概要

A race condition leading to a stack use-after-free flaw was found in libvirt. Due to a bad assumption in the virNetClientIOEventLoop() method, the `data` pointer to a stack-allocated virNetClientIOEventData structure ended up being used in the virNetClientIOEventFD callback while the data pointer s stack frame was concurrently being freed when returning from virNetClientIOEventLoop(). The virtproxyd daemon can be used to trigger requests. If libvirt is configured with fine-grained access control, this issue, in theory, allows a user to escape their otherwise limited access. This flaw allows a local, unprivileged user to access virtproxyd without authenticating. Remote users would need to authenticate before they could access it.

CVSS v3 指标

NVD openEuler
Confidentiality None
Attack Vector Local
CVSS评分 N/A 6.2
Attack Complexity Low
Privileges Required None
Scope Unchanged
Integrity None
User Interaction None
Availability High

安全公告

公告名 概要 发布时间
KylinSec-SA-2024-4789 libvirt security update 2025年2月17日

影响产品

产品 状态
KY3.4-4A libvirt Fixed
KY3.4-5 libvirt Fixed
KY3.5.1 libvirt Fixed
KY3.5.2 libvirt Fixed
V6 libvirt Fixed