SUSE update for libvirt



Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2024-4418
CWE-ID CWE-362
Exploitation vector Local
Public exploit N/A
Vulnerable software
Server Applications Module
Operating systems & Components / Operating system

Basesystem Module
Operating systems & Components / Operating system

SUSE Linux Enterprise Real Time 15
Operating systems & Components / Operating system

openSUSE Leap
Operating systems & Components / Operating system

SUSE Linux Enterprise Server for SAP Applications 15
Operating systems & Components / Operating system

SUSE Linux Enterprise Server 15
Operating systems & Components / Operating system

SUSE Linux Enterprise Desktop 15
Operating systems & Components / Operating system

libvirt-client-64bit-debuginfo
Operating systems & Components / Operating system package or component

libvirt-devel-64bit
Operating systems & Components / Operating system package or component

libvirt-doc
Operating systems & Components / Operating system package or component

libvirt-daemon-driver-storage-rbd-debuginfo
Operating systems & Components / Operating system package or component

libvirt-daemon-driver-storage-rbd
Operating systems & Components / Operating system package or component

libvirt-daemon-driver-libxl-debuginfo
Operating systems & Components / Operating system package or component

libvirt-daemon-driver-libxl
Operating systems & Components / Operating system package or component

libvirt-daemon-xen
Operating systems & Components / Operating system package or component

libvirt-devel-32bit
Operating systems & Components / Operating system package or component

libvirt-client-32bit-debuginfo
Operating systems & Components / Operating system package or component

libvirt-daemon-driver-storage-mpath
Operating systems & Components / Operating system package or component

libvirt-daemon-driver-storage-disk-debuginfo
Operating systems & Components / Operating system package or component

libvirt-nss-debuginfo
Operating systems & Components / Operating system package or component

libvirt-daemon-hooks
Operating systems & Components / Operating system package or component

libvirt-daemon
Operating systems & Components / Operating system package or component

libvirt-daemon-driver-secret
Operating systems & Components / Operating system package or component

libvirt-daemon-debuginfo
Operating systems & Components / Operating system package or component

libvirt-daemon-driver-storage-mpath-debuginfo
Operating systems & Components / Operating system package or component

libvirt-daemon-driver-storage-iscsi
Operating systems & Components / Operating system package or component

libvirt-daemon-driver-secret-debuginfo
Operating systems & Components / Operating system package or component

libvirt-client
Operating systems & Components / Operating system package or component

libvirt-daemon-driver-nwfilter
Operating systems & Components / Operating system package or component

libvirt-daemon-proxy-debuginfo
Operating systems & Components / Operating system package or component

libvirt-daemon-driver-storage-scsi
Operating systems & Components / Operating system package or component

libvirt-daemon-driver-storage-iscsi-debuginfo
Operating systems & Components / Operating system package or component

libvirt-daemon-driver-network-debuginfo
Operating systems & Components / Operating system package or component

wireshark-plugin-libvirt-debuginfo
Operating systems & Components / Operating system package or component

libvirt-daemon-driver-storage-iscsi-direct-debuginfo
Operating systems & Components / Operating system package or component

libvirt-daemon-lxc
Operating systems & Components / Operating system package or component

libvirt-daemon-config-network
Operating systems & Components / Operating system package or component

libvirt-daemon-config-nwfilter
Operating systems & Components / Operating system package or component

libvirt-daemon-plugin-sanlock-debuginfo
Operating systems & Components / Operating system package or component

libvirt-daemon-driver-storage-iscsi-direct
Operating systems & Components / Operating system package or component

libvirt-daemon-driver-storage-gluster-debuginfo
Operating systems & Components / Operating system package or component

libvirt-client-debuginfo
Operating systems & Components / Operating system package or component

libvirt-nss
Operating systems & Components / Operating system package or component

libvirt-daemon-lock-debuginfo
Operating systems & Components / Operating system package or component

libvirt-daemon-plugin-sanlock
Operating systems & Components / Operating system package or component

libvirt-daemon-driver-qemu
Operating systems & Components / Operating system package or component

libvirt-debugsource
Operating systems & Components / Operating system package or component

libvirt-daemon-common
Operating systems & Components / Operating system package or component

libvirt-daemon-driver-storage-gluster
Operating systems & Components / Operating system package or component

libvirt-devel
Operating systems & Components / Operating system package or component

libvirt-daemon-driver-nodedev
Operating systems & Components / Operating system package or component

libvirt-daemon-driver-storage-disk
Operating systems & Components / Operating system package or component

libvirt-daemon-log
Operating systems & Components / Operating system package or component

libvirt-daemon-driver-nwfilter-debuginfo
Operating systems & Components / Operating system package or component

libvirt-daemon-common-debuginfo
Operating systems & Components / Operating system package or component

libvirt-daemon-driver-storage-core-debuginfo
Operating systems & Components / Operating system package or component

libvirt-daemon-driver-storage-core
Operating systems & Components / Operating system package or component

libvirt-daemon-driver-storage-scsi-debuginfo
Operating systems & Components / Operating system package or component

libvirt-libs-debuginfo
Operating systems & Components / Operating system package or component

libvirt-client-qemu
Operating systems & Components / Operating system package or component

libvirt
Operating systems & Components / Operating system package or component

libvirt-daemon-driver-qemu-debuginfo
Operating systems & Components / Operating system package or component

libvirt-daemon-driver-interface-debuginfo
Operating systems & Components / Operating system package or component

libvirt-daemon-qemu
Operating systems & Components / Operating system package or component

libvirt-daemon-log-debuginfo
Operating systems & Components / Operating system package or component

libvirt-daemon-driver-lxc
Operating systems & Components / Operating system package or component

libvirt-daemon-driver-network
Operating systems & Components / Operating system package or component

libvirt-daemon-driver-interface
Operating systems & Components / Operating system package or component

wireshark-plugin-libvirt
Operating systems & Components / Operating system package or component

libvirt-daemon-plugin-lockd-debuginfo
Operating systems & Components / Operating system package or component

libvirt-daemon-driver-storage-logical-debuginfo
Operating systems & Components / Operating system package or component

libvirt-daemon-driver-nodedev-debuginfo
Operating systems & Components / Operating system package or component

libvirt-daemon-driver-storage
Operating systems & Components / Operating system package or component

libvirt-daemon-lock
Operating systems & Components / Operating system package or component

libvirt-daemon-driver-storage-logical
Operating systems & Components / Operating system package or component

libvirt-daemon-driver-lxc-debuginfo
Operating systems & Components / Operating system package or component

libvirt-daemon-plugin-lockd
Operating systems & Components / Operating system package or component

libvirt-libs
Operating systems & Components / Operating system package or component

libvirt-daemon-proxy
Operating systems & Components / Operating system package or component

Vendor SUSE

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Race condition

EUVDB-ID: #VU89356

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-4418

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition in virNetClientIOEventLoop(). A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.

Mitigation

Update the affected package libvirt to the latest version.

Vulnerable software versions

Server Applications Module: 15-SP6

Basesystem Module: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

SUSE Linux Enterprise Desktop 15: SP6

libvirt-client-64bit-debuginfo: before 10.0.0-150600.8.3.1

libvirt-devel-64bit: before 10.0.0-150600.8.3.1

libvirt-doc: before 10.0.0-150600.8.3.1

libvirt-daemon-driver-storage-rbd-debuginfo: before 10.0.0-150600.8.3.1

libvirt-daemon-driver-storage-rbd: before 10.0.0-150600.8.3.1

libvirt-daemon-driver-libxl-debuginfo: before 10.0.0-150600.8.3.1

libvirt-daemon-driver-libxl: before 10.0.0-150600.8.3.1

libvirt-daemon-xen: before 10.0.0-150600.8.3.1

libvirt-devel-32bit: before 10.0.0-150600.8.3.1

libvirt-client-32bit-debuginfo: before 10.0.0-150600.8.3.1

libvirt-daemon-driver-storage-mpath: before 10.0.0-150600.8.3.1

libvirt-daemon-driver-storage-disk-debuginfo: before 10.0.0-150600.8.3.1

libvirt-nss-debuginfo: before 10.0.0-150600.8.3.1

libvirt-daemon-hooks: before 10.0.0-150600.8.3.1

libvirt-daemon: before 10.0.0-150600.8.3.1

libvirt-daemon-driver-secret: before 10.0.0-150600.8.3.1

libvirt-daemon-debuginfo: before 10.0.0-150600.8.3.1

libvirt-daemon-driver-storage-mpath-debuginfo: before 10.0.0-150600.8.3.1

libvirt-daemon-driver-storage-iscsi: before 10.0.0-150600.8.3.1

libvirt-daemon-driver-secret-debuginfo: before 10.0.0-150600.8.3.1

libvirt-client: before 10.0.0-150600.8.3.1

libvirt-daemon-driver-nwfilter: before 10.0.0-150600.8.3.1

libvirt-daemon-proxy-debuginfo: before 10.0.0-150600.8.3.1

libvirt-daemon-driver-storage-scsi: before 10.0.0-150600.8.3.1

libvirt-daemon-driver-storage-iscsi-debuginfo: before 10.0.0-150600.8.3.1

libvirt-daemon-driver-network-debuginfo: before 10.0.0-150600.8.3.1

wireshark-plugin-libvirt-debuginfo: before 10.0.0-150600.8.3.1

libvirt-daemon-driver-storage-iscsi-direct-debuginfo: before 10.0.0-150600.8.3.1

libvirt-daemon-lxc: before 10.0.0-150600.8.3.1

libvirt-daemon-config-network: before 10.0.0-150600.8.3.1

libvirt-daemon-config-nwfilter: before 10.0.0-150600.8.3.1

libvirt-daemon-plugin-sanlock-debuginfo: before 10.0.0-150600.8.3.1

libvirt-daemon-driver-storage-iscsi-direct: before 10.0.0-150600.8.3.1

libvirt-daemon-driver-storage-gluster-debuginfo: before 10.0.0-150600.8.3.1

libvirt-client-debuginfo: before 10.0.0-150600.8.3.1

libvirt-nss: before 10.0.0-150600.8.3.1

libvirt-daemon-lock-debuginfo: before 10.0.0-150600.8.3.1

libvirt-daemon-plugin-sanlock: before 10.0.0-150600.8.3.1

libvirt-daemon-driver-qemu: before 10.0.0-150600.8.3.1

libvirt-debugsource: before 10.0.0-150600.8.3.1

libvirt-daemon-common: before 10.0.0-150600.8.3.1

libvirt-daemon-driver-storage-gluster: before 10.0.0-150600.8.3.1

libvirt-devel: before 10.0.0-150600.8.3.1

libvirt-daemon-driver-nodedev: before 10.0.0-150600.8.3.1

libvirt-daemon-driver-storage-disk: before 10.0.0-150600.8.3.1

libvirt-daemon-log: before 10.0.0-150600.8.3.1

libvirt-daemon-driver-nwfilter-debuginfo: before 10.0.0-150600.8.3.1

libvirt-daemon-common-debuginfo: before 10.0.0-150600.8.3.1

libvirt-daemon-driver-storage-core-debuginfo: before 10.0.0-150600.8.3.1

libvirt-daemon-driver-storage-core: before 10.0.0-150600.8.3.1

libvirt-daemon-driver-storage-scsi-debuginfo: before 10.0.0-150600.8.3.1

libvirt-libs-debuginfo: before 10.0.0-150600.8.3.1

libvirt-client-qemu: before 10.0.0-150600.8.3.1

libvirt: before 10.0.0-150600.8.3.1

libvirt-daemon-driver-qemu-debuginfo: before 10.0.0-150600.8.3.1

libvirt-daemon-driver-interface-debuginfo: before 10.0.0-150600.8.3.1

libvirt-daemon-qemu: before 10.0.0-150600.8.3.1

libvirt-daemon-log-debuginfo: before 10.0.0-150600.8.3.1

libvirt-daemon-driver-lxc: before 10.0.0-150600.8.3.1

libvirt-daemon-driver-network: before 10.0.0-150600.8.3.1

libvirt-daemon-driver-interface: before 10.0.0-150600.8.3.1

wireshark-plugin-libvirt: before 10.0.0-150600.8.3.1

libvirt-daemon-plugin-lockd-debuginfo: before 10.0.0-150600.8.3.1

libvirt-daemon-driver-storage-logical-debuginfo: before 10.0.0-150600.8.3.1

libvirt-daemon-driver-nodedev-debuginfo: before 10.0.0-150600.8.3.1

libvirt-daemon-driver-storage: before 10.0.0-150600.8.3.1

libvirt-daemon-lock: before 10.0.0-150600.8.3.1

libvirt-daemon-driver-storage-logical: before 10.0.0-150600.8.3.1

libvirt-daemon-driver-lxc-debuginfo: before 10.0.0-150600.8.3.1

libvirt-daemon-plugin-lockd: before 10.0.0-150600.8.3.1

libvirt-libs: before 10.0.0-150600.8.3.1

libvirt-daemon-proxy: before 10.0.0-150600.8.3.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20241962-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###