CVE-2024-4418

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-4418

6.2 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.5 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

A

race condition leading to a stack use-after-free flaw was found in libvirt. Due to a bad assumption in the virNetClientIOEventLoop() method, the `data` pointer to a stack-allocated virNetClientIOEventData structure ended up being used in the virNetClientIOEventFD callback while the data pointer's stack frame was concurrently being "freed" when returning from virNetClientIOEventLoop(). The 'virtproxyd' daemon can be used to trigger requests. If libvirt is configured with fine-grained access control, this issue, in theory, allows a user to escape their otherwise limited access. This flaw allows a local, unprivileged user to access virtproxyd without authenticating. Remote users would need to authenticate before they could access it.

References
Link Resource
https://access.redhat.com/errata/RHSA-2024:4351
https://access.redhat.com/errata/RHSA-2024:4432
https://access.redhat.com/errata/RHSA-2024:4757
https://access.redhat.com/security/cve/CVE-2024-4418
https://bugzilla.redhat.com/show_bug.cgi?id=2278616
https://access.redhat.com/errata/RHSA-2024:4351
https://access.redhat.com/errata/RHSA-2024:4432
https://access.redhat.com/errata/RHSA-2024:4757
https://access.redhat.com/security/cve/CVE-2024-4418
https://bugzilla.redhat.com/show_bug.cgi?id=2278616
https://lists.fedoraproject.org/archives/list/[email protected]/message/4IE44UIIC3QWBFRB4EUSFNLJBU6JLNSD/
https://lists.fedoraproject.org/archives/list/[email protected]/message/Q4ZQBAJVHIZMCZNTRPUW3ZKXRKLXRQZU/
https://security.netapp.com/advisory/ntap-20250411-0002/
Configurations

No configuration.

History

25 Feb 2026, 21:16

Type Values Removed Values Added
CWE CWE-416 CWE-562

11 Apr 2025, 22:15

Type Values Removed Values Added
References
  • () https://security.netapp.com/advisory/ntap-20250411-0002/ -

21 Nov 2024, 09:42

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/[email protected]/message/4IE44UIIC3QWBFRB4EUSFNLJBU6JLNSD/ -
  • () https://lists.fedoraproject.org/archives/list/[email protected]/message/Q4ZQBAJVHIZMCZNTRPUW3ZKXRKLXRQZU/ -
References () https://access.redhat.com/errata/RHSA-2024:4351 - () https://access.redhat.com/errata/RHSA-2024:4351 -
References () https://access.redhat.com/errata/RHSA-2024:4432 - () https://access.redhat.com/errata/RHSA-2024:4432 -
References () https://access.redhat.com/errata/RHSA-2024:4757 - () https://access.redhat.com/errata/RHSA-2024:4757 -
References () https://access.redhat.com/security/cve/CVE-2024-4418 - () https://access.redhat.com/security/cve/CVE-2024-4418 -
References () https://bugzilla.redhat.com/show_bug.cgi?id=2278616 - () https://bugzilla.redhat.com/show_bug.cgi?id=2278616 -

13 Sep 2024, 22:15

Type Values Removed Values Added
References

23 Jul 2024, 22:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:4757 -

09 Jul 2024, 17:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:4432 -

08 Jul 2024, 05:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:4351 -

21 Jun 2024, 02:15

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/[email protected]/message/Q4ZQBAJVHIZMCZNTRPUW3ZKXRKLXRQZU/ -

11 Jun 2024, 04:15

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/[email protected]/message/4IE44UIIC3QWBFRB4EUSFNLJBU6JLNSD/ -

08 May 2024, 13:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-05-08 03:15

Updated : 2026-02-25 21:16

NVD link : CVE-2024-4418

Mitre link : CVE-2024-4418

CVE.ORG link : CVE-2024-4418

JSON object : View

Products Affected

No product.

CWE
CWE-562

Return of Stack Variable Address