AZL-40396

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-40396.json

JSON Data

https://api.osv.dev/v1/vulns/AZL-40396

Upstream

CVE-2024-4418

Published

2024-05-08T03:15:07Z

Modified

2026-04-21T04:29:01.621341Z

Summary

CVE-2024-4418 affecting package libvirt for versions less than 10.0.0-5

Details

A race condition leading to a stack use-after-free flaw was found in libvirt. Due to a bad assumption in the virNetClientIOEventLoop() method, the data pointer to a stack-allocated virNetClientIOEventData structure ended up being used in the virNetClientIOEventFD callback while the data pointer's stack frame was concurrently being "freed" when returning from virNetClientIOEventLoop(). The 'virtproxyd' daemon can be used to trigger requests. If libvirt is configured with fine-grained access control, this issue, in theory, allows a user to escape their otherwise limited access. This flaw allows a local, unprivileged user to access virtproxyd without authenticating. Remote users would need to authenticate before they could access it.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-4418

Affected packages

Azure Linux:3 / libvirt

Package

Name: libvirt
Purl: pkg:rpm/azure-linux/libvirt

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

10.0.0-5

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-40396.json"