Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestion detail

Untriaged

Permalink CVE-2024-4418

6.2 MEDIUM

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): NONE
Availability impact (A): HIGH

created 1 year ago

Libvirt: stack use-after-free in virnetclientioeventloop()

A race condition leading to a stack use-after-free flaw was found in libvirt. Due to a bad assumption in the virNetClientIOEventLoop() method, the `data` pointer to a stack-allocated virNetClientIOEventData structure ended up being used in the virNetClientIOEventFD callback while the data pointer's stack frame was concurrently being "freed" when returning from virNetClientIOEventLoop(). The 'virtproxyd' daemon can be used to trigger requests. If libvirt is configured with fine-grained access control, this issue, in theory, allows a user to escape their otherwise limited access. This flaw allows a local, unprivileged user to access virtproxyd without authenticating. Remote users would need to authenticate before they could access it.

References

RHSA-2024:4351 vendor-advisoryx_transferredx_refsource_REDHAT
RHSA-2024:4432 vendor-advisoryx_transferredx_refsource_REDHAT
RHSA-2024:4757 vendor-advisoryx_transferredx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-4418 x_transferredvdb-entryx_refsource_REDHAT
RHBZ#2278616 x_transferredissue-trackingx_refsource_REDHAT
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj… x_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj… x_transferred
https://security.netapp.com/advisory/ntap-20250411-0002/

Affected products

libvirt

<10.4.0
*

virt:rhel

*

virt-devel:rhel

*

virt:av/libvirt

virt:rhel/libvirt

Matching in nixpkgs

pkgs.libvirt

Toolkit to interact with the virtualization capabilities of recent versions of Linux and other OSes

nixos-unstable 10.10.0
- nixpkgs-unstable 10.10.0
- nixos-unstable-small 10.10.0

pkgs.libvirt-glib

Library for working with virtual machines

nixos-unstable 5.0.0
- nixpkgs-unstable 5.0.0
- nixos-unstable-small 5.0.0

pkgs.python311Packages.libvirt

libvirt Python bindings

nixos-unstable 10.10.0
- nixpkgs-unstable 10.10.0
- nixos-unstable-small 10.10.0

pkgs.python312Packages.libvirt

libvirt Python bindings

nixos-unstable 10.10.0
- nixpkgs-unstable 10.10.0
- nixos-unstable-small 10.10.0

pkgs.rubyPackages.ruby-libvirt

None

nixos-unstable -
- nixos-unstable-small 0.8.2

pkgs.prometheus-libvirt-exporter

Prometheus metrics exporter for libvirt

nixos-unstable 2.3.3
- nixpkgs-unstable 2.3.3
- nixos-unstable-small 2.3.3

pkgs.terraform-providers.libvirt

None

nixos-unstable 0.8.1
- nixpkgs-unstable 0.8.1
- nixos-unstable-small 0.8.1

pkgs.rubyPackages_3_1.ruby-libvirt

None

nixos-unstable 0.8.2
- nixpkgs-unstable 0.8.2
- nixos-unstable-small 0.8.2

pkgs.rubyPackages_3_2.ruby-libvirt

None

nixos-unstable 0.8.2
- nixpkgs-unstable 0.8.2
- nixos-unstable-small 0.8.2

pkgs.rubyPackages_3_3.ruby-libvirt

None

nixos-unstable 0.8.2
- nixpkgs-unstable 0.8.2
- nixos-unstable-small 0.8.2

pkgs.rubyPackages_3_4.ruby-libvirt

None

nixos-unstable 0.8.2
- nixpkgs-unstable 0.8.2
- nixos-unstable-small 0.8.2

Package maintainers

@lovesegfault Bernardo Meurer <meurerbernardo@gmail.com>
@fpletz Franz Pletz <fpletz@fnordicwalking.de>
@globin Robin Gloster <mail@glob.in>
@farcaller Vladimir Pouzanov <farcaller@gmail.com>