NEWS: Add the news for CVE-2024-4418

Signed-off-by: Han Han <hhan@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2024-12-22 05:35:25 +00:00 · 2024-10-25 12:57:26 +08:00 · 2024-10-25 12:57:26 +08:00 · 6d9bf5b63c
commit 6d9bf5b63c
parent 5ca7daf397
1 changed files with 12 additions and 0 deletions
--- a/NEWS.rst
+++ b/NEWS.rst
@ -338,6 +338,18 @@ v10.5.0 (2024-07-01)
 v10.4.0 (2024-06-03)
 ====================

+* **Security**
+
+  * ``CVE-2024-4418``: Fix stack use-after-free in virNetClientIOEventLoop()
+
+    Fix race condition leading to a stack use-after-free bug was found in libvirt.
+    Due to a bad assumption in the virNetClientIOEventLoop() method, the data
+    pointer to a stack-allocated virNetClientIOEventData structure ended up being
+    used in the virNetClientIOEventFD callback while the data pointer's stack frame
+    was concurrently being "freed" when returning from virNetClientIOEventLoop().
+    This flaw allows a local, unprivileged user to access virtproxyd without
+    authenticating.
+
 * **New features**

  * qemu: Support for ras feature for virt machine type