摘要:
A flaw was found in libvirt. A refactor of the code fetching the list of interfaces for multiple APIs introduced a corner case on platforms where allocating 0 bytes of memory results in a NULL pointer. This corner case would lead to a NULL-pointer dereference and subsequent crash of virtinterfaced. This issue could allow clients connecting to the read-only socket to crash the virtinterfaced daemon.
安全等级: Low
公告ID: KylinSec-SA-2024-3739
发布日期: 2024年9月20日
关联CVE: CVE-2024-8235
A flaw was found in libvirt. A refactor of the code fetching the list of interfaces for multiple APIs introduced a corner case on platforms where allocating 0 bytes of memory results in a NULL pointer. This corner case would lead to a NULL-pointer dereference and subsequent crash of virtinterfaced. This issue could allow clients connecting to the read-only socket to crash the virtinterfaced daemon.
| cve名称 | 产品 | 组件 | 是否受影响 |
|---|---|---|---|
| CVE-2024-8235 | KY3.4-5A | libvirt | Unaffected |
| CVE-2024-8235 | KY3.5.2 | libvirt | Unaffected |
| CVE-2024-8235 | V6 | libvirt | Unaffected |
