NEWS: Add the news for CVE-2024-2494

Signed-off-by: Han Han <hhan@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2024-12-22 05:35:25 +00:00 · 2024-10-25 12:57:25 +08:00 · 2024-10-25 12:57:25 +08:00 · 5ca7daf397
commit 5ca7daf397
parent eb2775e1d6
1 changed files with 12 additions and 0 deletions
--- a/NEWS.rst
+++ b/NEWS.rst
@ -491,6 +491,18 @@ v10.3.0 (2024-05-02)
 v10.2.0 (2024-04-02)
 ====================

+* **Security**
+
+  * ``CVE-2024-2494``: remote: check for negative array lengths before allocation
+
+   Fix the flaw of the RPC library APIs of libvirt. The RPC server
+   de-serialization code allocates memory for arrays before the non-negative
+   length check is performed by the C API entry points. Passing a negative length
+   to the g_new0 function results in a crash due to the negative length being
+   treated as a huge positive number. A local unprivileged user could use this
+   flaw to perform a denial of service attack by causing the libvirt daemon to
+   crash.
+
 * **New features**

  * ch: Basic save and restore support for ch driver