| Summary: | libvirt new security issue CVE-2024-2496 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Nicolas Salguero <nicolas.salguero> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | andrewsfarm, mageia, sysadmin-bugs |
| Version: | 9 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA9-64-OK | ||
| Source RPM: | libvirt-9.6.0-1.1.mga9.src.rpm | CVE: | CVE-2024-2496 |
| Status comment: | |||
|
Description
Nicolas Salguero
2024-04-30 17:21:01 CEST
Nicolas Salguero
2024-04-30 17:21:33 CEST
Source RPM:
(none) =>
libvirt-9.6.0-1.1.mga9.src.rpm

Cauldron is already patched for CVE-2024-2494. Should this CVE (2496) be for Cauldron also? Assigning globally, no one packager in view.

Assignee:
bugsquad =>
pkg-bugs

Suggested advisory:
========================

The updated packages fix a security vulnerability:

A NULL pointer dereference flaw was found in the udevConnectListAllInterfaces() function in libvirt. This issue can occur when detaching a host interface while at the same time collecting the list of interfaces via virConnectListAllInterfaces API. This flaw could be used to perform a denial of service attack by causing the libvirt daemon to crash. (CVE-2024-2496)

References:
https://lwn.net/Articles/971691/
========================

Updated packages in core/updates_testing:
========================
lib(64)nss_libvirt2-9.6.0-1.2.mga9
lib(64)virt0-9.6.0-1.2.mga9
lib(64)virt-devel-9.6.0-1.2.mga9
libvirt-client-qemu-9.6.0-1.2.mga9
libvirt-docs-9.6.0-1.2.mga9
libvirt-utils-9.6.0-1.2.mga9
mingw32-libvirt-9.6.0-1.2.mga9
mingw64-libvirt-9.6.0-1.2.mga9
wireshark-libvirt-9.6.0-1.2.mga9

from SRPM:
libvirt-9.6.0-1.2.mga9.src.rpm

Assignee:
pkg-bugs =>
qa-bugs
PC LX
2024-05-02 18:00:56 CEST
CC:
(none) =>
mageia
katnatek
2024-05-02 19:59:16 CEST
Keywords:
(none) =>
advisory

RH mageia 9 x86_64
LC_ALL=C urpmi --auto --auto-update
medium "QA Testing (32-bit)" is up-to-date
medium "QA Testing (64-bit)" is up-to-date
medium "Core Release (distrib1)" is up-to-date
medium "Core Updates (distrib3)" is up-to-date
medium "Nonfree Release (distrib11)" is up-to-date
medium "Nonfree Updates (distrib13)" is up-to-date
medium "Tainted Release (distrib21)" is up-to-date
medium "Tainted Updates (distrib23)" is up-to-date
medium "Core 32bit Release (distrib31)" is up-to-date
medium "Core 32bit Updates (distrib32)" is up-to-date
medium "Nonfree 32bit Release (distrib36)" is up-to-date
medium "Tainted 32bit Release (distrib41)" is up-to-date
medium "Tainted 32bit Updates (distrib42)" is up-to-date
installing libvirt-utils-9.6.0-1.2.mga9.x86_64.rpm lib64virt0-9.6.0-1.2.mga9.x86_64.rpm from //home/katnatek/qa-testing/x86_64
Preparing... ##################################################################################################
1/2: lib64virt0 ##################################################################################################
2/2: libvirt-utils ##################################################################################################
1/2: removing libvirt-utils-9.6.0-1.1.mga9.x86_64
##################################################################################################
2/2: removing lib64virt0-9.6.0-1.1.mga9.x86_64
##################################################################################################
urpmq --whatrequires-recursive lib64virt0
includes gnome-boxes
strace gnome-boxes shows the library is open
openat(AT_FDCWD, "/lib64/libvirt.so.0", O_RDONLY|O_CLOEXEC) = 3
The elements of the VM that work before the update work after the update
Installed and tested without issue.

Tested:
- virt-manager;
- virsh;
- remote (ssh) and local;
- QEMU/KVM nested inside Mageia 9 guest;
- qemu:///system;
- qemu:///session;
- integration with systemd-machined;
- virtio video/net/block device drivers;
- SPICE viewer;
- VNC viewer;
- LXC container;
- copy & paste to/from guest;
- desktop resizing;

Tested guests:
- Archlinux (LXC container);
- Android x86 9.0;
- Fedora 39;
- Fedora 40;
- FreeBSD 14;
- Kali Linux;
- Mageia 9 x86_64;
- Mageia 9 x86_64 with PCI pass through of GPU Radeon RX 6500 XT;
- Mageia 9 aarch64;
- Mageia Cauldron;
- memtest86;
- System Rescue 11.00
- Tail 6;
- Windows 10;
- Windows 11;
- Windows Server 2016 Datacenter;

System: Mageia 9, x86_64, Plasma DE, LXQt DE, AMD Ryzen 5 5600G with Radeon Graphics.

$ uname -a
Linux jupiter 6.6.28-desktop-1.mga9 #1 SMP PREEMPT_DYNAMIC Wed Apr 17 17:19:36 UTC 2024 x86_64 GNU/Linux
$ rpm -qa | grep -P 'lib(64)?virt'
python3-libvirt-9.1.0-1.mga9
lib64virt-glib1.0_0-4.0.0-5.mga9
lib64virt-glib-gir1.0-4.0.0-5.mga9
lib64virt0-9.6.0-1.2.mga9
libvirt-utils-9.6.0-1.2.mga9
katnatek
2024-05-06 00:50:18 CEST
CC:
(none) =>
andrewsfarm

Validating.

Keywords:
(none) =>
validated_update

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2024-0163.html

Resolution:
(none) =>
FIXED |
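
One way to confirm a host carries the fixed build, as an added example (not part of the bug report or of Mageia's tooling): it checks `rpm -qa` style lines against the 9.6.0-1.2.mga9 packages listed in the advisory and skips look-alike names such as python3-libvirt that the advisory does not list. The sample lines are constructed, and `vercmp` is a simplified version comparison that assumes no epoch, `~` or `^` in the version strings.

```python
import re

# Fixed version and release, taken from the advisory's package list.
FIXED_VERSION, FIXED_RELEASE = "9.6.0", "1.2.mga9"
# Binary package names listed in the advisory; lib(64) covers both forms.
AFFECTED = re.compile(
    r"^(lib(64)?(nss_libvirt2|virt0|virt-devel)|mingw(32|64)-libvirt"
    r"|libvirt-(client-qemu|docs|utils)|wireshark-libvirt)$")
ARCH = re.compile(r"\.(x86_64|i586|aarch64|armv7hl|noarch)$")


def vercmp(a, b):
    """Simplified rpm-style comparison (assumption: no epoch, '~' or '^')."""
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)          # compare numeric runs as integers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric run beats alphabetic
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def audit(lines):
    """Return advisory-listed packages that are older than the fixed build."""
    stale = []
    for line in lines:
        nvr = ARCH.sub("", line.strip())
        parts = nvr.rsplit("-", 2)          # name, version, release
        if len(parts) != 3 or not AFFECTED.match(parts[0]):
            continue
        _, version, release = parts
        order = vercmp(version, FIXED_VERSION) or vercmp(release, FIXED_RELEASE)
        if order < 0:
            stale.append(nvr)
    return stale


# Constructed sample: a host where only libvirt-utils was updated.
SAMPLE = [
    "python3-libvirt-9.1.0-1.mga9",
    "lib64virt-glib1.0_0-4.0.0-5.mga9",
    "lib64virt0-9.6.0-1.1.mga9",
    "libvirt-utils-9.6.0-1.2.mga9",
]

if __name__ == "__main__":
    for nvr in audit(SAMPLE):
        print("older than the CVE-2024-2496 fix:", nvr)
```
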