Libvirt · Libvirt · CVE-2024-4418
Name of the Vulnerable Software and Affected Versions:
libvirt (affected versions not specified)
Description:
A race condition leading to a stack use-after-free flaw was found in libvirt. Due to a bad assumption in the `virNetClientIOEventLoop()` function, the `data` pointer to a stack-allocated `virNetClientIOEventData` structure ended up being used in the `virNetClientIOEventFD` callback while the `data` pointer's stack frame was concurrently being freed when returning from `virNetClientIOEventLoop()`. The `virtproxyd` daemon can be used to trigger requests. If libvirt is configured with fine-grained access control, this issue, in theory, allows a user to escape their otherwise limited access. This flaw allows a local, unprivileged user to access `virtproxyd` without authenticating. Remote users would need to authenticate before they could access it.
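The lifetime problem described above, shown as an added example of a general mitigation pattern; it is not libvirt code and not the upstream fix. All type and function names are hypothetical, and the late callback is replayed deterministically in one thread: the callback data lives on the heap and is reference-counted, so an event source that fires after the waiting function has returned still sees valid memory.

```c
#include <stdatomic.h>
#include <stdlib.h>
/* Hypothetical stand-ins for illustration; none of these names are libvirt's. */
typedef struct {
    atomic_int refs;   /* one reference per owner: waiter and event source */
    int fired;         /* written by the callback */
} io_event_data;
typedef struct {
    void (*cb)(io_event_data *);
    io_event_data *data;   /* the source holds its own reference */
} event_source;
static int freed_count;    /* instrumentation so the scenario can be checked */
static void data_unref(io_event_data *d) {
    if (d && atomic_fetch_sub(&d->refs, 1) == 1) { free(d); freed_count++; }
}
static void on_fd_event(io_event_data *d) { d->fired = 1; }
static void source_attach(event_source *s, io_event_data *d) {
    atomic_fetch_add(&d->refs, 1);   /* the source keeps the data alive */
    s->cb = on_fd_event; s->data = d;
}
static int source_dispatch(event_source *s) {   /* returns 1 if the callback ran */
    return s->data ? (s->cb(s->data), 1) : 0;
}
static void source_destroy(event_source *s) {   /* detach first, then drop the ref */
    io_event_data *d = s->data;
    s->data = NULL;
    data_unref(d);
}
/* Waiter: the unsafe form would declare `io_event_data d;` on the stack here. */
static int wait_for_io(event_source *s) {
    io_event_data *d = calloc(1, sizeof(*d));
    if (!d) return -1;
    atomic_init(&d->refs, 1);
    source_attach(s, d);
    /* the event loop would run here and may exit before the callback fires */
    data_unref(d);   /* waiter's reference only; the source still owns one */
    return 0;
}

/* Constructed scenario: the callback fires after the waiter has returned. */
static int late_dispatch_is_safe(void) {
    event_source s = {0};
    freed_count = 0;
    if (wait_for_io(&s) != 0) return -1;
    int alive = (freed_count == 0);   /* data survived the waiter's return */
    int ran = source_dispatch(&s);    /* late callback touches live heap memory */
    source_destroy(&s);               /* last reference dropped, data freed once */
    return alive && ran && !source_dispatch(&s) && freed_count == 1;
}
```

Building a scenario like this with `-fsanitize=address` makes any remaining lifetime error fail loudly during testing.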
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.