Bugzilla – Bug 1221815
VUL-0: CVE-2024-2494: libvirt: negative g_new0 length can lead to unbounded memory allocation
Last modified: 2024-05-10 08:01:16 UTC
A flaw was found in the RPC library APIs of libvirt. The RPC server de-serialization code allocates memory for arrays before the non-negative length check is performed by the C API entry points. Passing a negative length to the g_new0 function results in a crash due to the negative length being treated as a huge positive number. A local unprivileged user could use this flaw to perform a denial of service attack by causing the libvirt daemon to crash. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-2494 https://bugzilla.redhat.com/show_bug.cgi?id=2270115
Affects all codestreams.
(In reply to Carlos López from comment #1) > Affects all codestreams. Let's explicitly list those so I don't forget any. AFAIK, it would be - openSUSE:Factory - SUSE:ALP:Source:Standard:1.0 - SUSE:SLE-15-SP6:GA - SUSE:SLE-15-SP5:Update - SUSE:SLE-15-SP4:Update - SUSE:SLE-15-SP3:Update - SUSE:SLE-15-SP2:Update - SUSE:SLE-12-SP5:Update - SUSE:SLE-12-SP3:Update Did I miss any?
(In reply to James Fehlig from comment #2) > - openSUSE:Factory > - SUSE:ALP:Source:Standard:1.0 > - SUSE:SLE-15-SP6:GA > - SUSE:SLE-15-SP5:Update > - SUSE:SLE-15-SP4:Update > - SUSE:SLE-15-SP3:Update > - SUSE:SLE-15-SP2:Update > - SUSE:SLE-12-SP5:Update > - SUSE:SLE-12-SP3:Update > > Did I miss any? No. There are other codestreams, but they are under reactive support only, so the list is complete.
This is an autogenerated message for OBS integration: This bug (1221815) was mentioned in https://build.opensuse.org/request/show/1160500 Factory / libvirt
I've submitted an updated libvirt containing the fix to all codestreams. Passing the bug to security-team@ for continued processing.
SUSE-SU-2024:1078-1: An update that solves one vulnerability can now be installed. Category: security (moderate) Bug References: 1221815 CVE References: CVE-2024-2494 Maintenance Incident: [SUSE:Maintenance:33143](https://smelt.suse.de/incident/33143/) Sources used: openSUSE Leap 15.3 (src): libvirt-7.1.0-150300.6.41.1 Server Applications Module 15-SP5 (src): libvirt-7.1.0-150300.6.41.1 SUSE Linux Enterprise Micro 5.1 (src): libvirt-7.1.0-150300.6.41.1 SUSE Linux Enterprise Micro 5.2 (src): libvirt-7.1.0-150300.6.41.1 SUSE Linux Enterprise Micro for Rancher 5.2 (src): libvirt-7.1.0-150300.6.41.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2024:1083-1: An update that solves one vulnerability can now be installed. Category: security (moderate) Bug References: 1221815 CVE References: CVE-2024-2494 Maintenance Incident: [SUSE:Maintenance:33153](https://smelt.suse.de/incident/33153/) Sources used: SUSE Linux Enterprise High Performance Computing 12 SP5 (src): libvirt-5.1.0-13.42.1 SUSE Linux Enterprise Server 12 SP5 (src): libvirt-5.1.0-13.42.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): libvirt-5.1.0-13.42.1 SUSE Linux Enterprise Software Development Kit 12 SP5 (src): libvirt-5.1.0-13.42.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2024:1100-1: An update that solves one vulnerability and has one security fix can now be installed. Category: security (moderate) Bug References: 1221749, 1221815 CVE References: CVE-2024-2494 Maintenance Incident: [SUSE:Maintenance:33033](https://smelt.suse.de/incident/33033/) Sources used: openSUSE Leap 15.4 (src): libvirt-8.0.0-150400.7.11.2 openSUSE Leap Micro 5.3 (src): libvirt-8.0.0-150400.7.11.2 openSUSE Leap Micro 5.4 (src): libvirt-8.0.0-150400.7.11.2 SUSE Linux Enterprise Micro for Rancher 5.3 (src): libvirt-8.0.0-150400.7.11.2 SUSE Linux Enterprise Micro 5.3 (src): libvirt-8.0.0-150400.7.11.2 SUSE Linux Enterprise Micro for Rancher 5.4 (src): libvirt-8.0.0-150400.7.11.2 SUSE Linux Enterprise Micro 5.4 (src): libvirt-8.0.0-150400.7.11.2 SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (src): libvirt-8.0.0-150400.7.11.2 SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (src): libvirt-8.0.0-150400.7.11.2 SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (src): libvirt-8.0.0-150400.7.11.2 SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (src): libvirt-8.0.0-150400.7.11.2 SUSE Linux Enterprise Server for SAP Applications 15 SP4 (src): libvirt-8.0.0-150400.7.11.2 SUSE Manager Proxy 4.3 (src): libvirt-8.0.0-150400.7.11.2 SUSE Manager Retail Branch Server 4.3 (src): libvirt-8.0.0-150400.7.11.2 SUSE Manager Server 4.3 (src): libvirt-8.0.0-150400.7.11.2 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2024:1099-1: An update that solves three vulnerabilities and has three security fixes can now be installed. Category: security (moderate) Bug References: 1214223, 1216980, 1220512, 1221237, 1221468, 1221815 CVE References: CVE-2024-1441, CVE-2024-2494, CVE-2024-2496 Maintenance Incident: [SUSE:Maintenance:32869](https://smelt.suse.de/incident/32869/) Sources used: openSUSE Leap 15.5 (src): libvirt-9.0.0-150500.6.20.1 SUSE Linux Enterprise Micro 5.5 (src): libvirt-9.0.0-150500.6.20.1 Basesystem Module 15-SP5 (src): libvirt-9.0.0-150500.6.20.1 Server Applications Module 15-SP5 (src): libvirt-9.0.0-150500.6.20.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.