CVE-2024-1441 An off-by-one error flaw was found in the udevListInterfacesByStatus() function in libvirt when the number of interfaces exceeds the size of the `names` array. This issue can be reproduced by sending specially crafted data to the libvirt daemon, allowing an unprivileged client to perform a denial of service attack by causing the libvirt daemon to crash.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ae3831574e5c8344213c231e4b03acbb899f7fec commit ae3831574e5c8344213c231e4b03acbb899f7fec Author: Michal Privoznik <michal.privoznik@gmail.com> AuthorDate: 2024-04-13 18:49:27 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2024-04-14 00:41:52 +0000 app-emulation/libvirt: Backport fix for CVE-2024-1441 The fix made it into app-emulation/libvirt-10.1.0 release. Backport the fix into anything older. https://nvd.nist.gov/vuln/detail/CVE-2024-1441 Bug: https://bugs.gentoo.org/929965 Signed-off-by: Michal Privoznik <michal.privoznik@gmail.com> Signed-off-by: Sam James <sam@gentoo.org> ...y-one-error-in-udevListInterfacesByStatus.patch | 42 ++++++++++++++++++++++ app-emulation/libvirt/libvirt-10.0.0-r1.ebuild | 1 + app-emulation/libvirt/libvirt-9.8.0-r1.ebuild | 1 + app-emulation/libvirt/libvirt-9.9.0-r1.ebuild | 1 + 4 files changed, 45 insertions(+)