{
  "threat_severity" : "Moderate",
  "public_date" : "2024-03-01T00:00:00Z",
  "bugzilla" : {
    "description" : "libvirt: off-by-one error in udevListInterfacesByStatus()",
    "id" : "2263841",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2263841"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-193",
  "details" : [ "An off-by-one error flaw was found in the udevListInterfacesByStatus() function in libvirt when the number of interfaces exceeds the size of the `names` array. This issue can be reproduced by sending specially crafted data to the libvirt daemon, allowing an unprivileged client to perform a denial of service attack by causing the libvirt daemon to crash.", "An off-by-one error flaw was found in the udevListInterfacesByStatus() function in libvirt when the number of interfaces exceeds the size of the `names` array. This issue can be reproduced by sending specially crafted data to the libvirt daemon, allowing an unprivileged client to perform a denial of service attack by causing the libvirt daemon to crash." ],
  "statement" : "The off-by-one error discovered in libvirt's udevListInterfacesByStatus() function represents a moderate severity issue due to its potential to cause a denial of service (DoS) condition. The vulnerability occurs when the number of interfaces exceeds the length parameter, leading to a segmentation fault when a specially crafted entry is sent to the libvirt daemon. While exploitation requires the attacker to be unprivileged, the ability to crash the libvirt daemon could disrupt virtualization services. However, the impact is mitigated by the fact that it does not directly grant attackers privileged access or enable arbitrary code execution.",
  "acknowledgement" : "Red Hat would like to thank Alexander Kuznetsov for reporting this issue.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-04-30T00:00:00Z",
    "advisory" : "RHSA-2024:2560",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "libvirt-0:10.0.0-6.2.el9_4"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "libvirt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "libvirt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Will not fix",
    "package_name" : "virt:rhel/libvirt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8 Advanced Virtualization",
    "fix_state" : "Will not fix",
    "package_name" : "virt:av/libvirt",
    "cpe" : "cpe:/a:redhat:advanced_virtualization:8::el8"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-1441\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-1441" ],
  "name" : "CVE-2024-1441",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}