diff --git a/NEWS.rst b/NEWS.rst
index ac64cf6974..69258880d2 100644
--- a/NEWS.rst
+++ b/NEWS.rst
@@ -13,6 +13,21 @@ v10.1.0 (unreleased)
 
 * **Security**
 
+  * ``CVE-2024-1441``: Fix off-by-one error leading to a crash
+
+    In **libvirt-1.0.0** there were couple of interface listing APIs
+    introduced which had an off-by-one error.  That error could lead to a
+    very rare crash if an array was passed to those functions which did
+    not fit all the interfaces.
+
+    In **libvirt-5.10** a check for non-NULL arrays has been adjusted to
+    allow for NULL arrays with size 0 instead of rejecting all NULL
+    arrays.  However that made the above issue significantly worse since
+    that off-by-one error now did not write beyond an array, but
+    dereferenced said NULL pointer making the crash certain in a
+    specific scenario in which a NULL array of size 0 was passed to the
+    aforementioned functions.
+
 * **Removed features**
 
 * **New features**
diff --git a/src/interface/interface_backend_udev.c b/src/interface/interface_backend_udev.c
index fb6799ed94..4091483060 100644
--- a/src/interface/interface_backend_udev.c
+++ b/src/interface/interface_backend_udev.c
@@ -222,7 +222,7 @@ udevListInterfacesByStatus(virConnectPtr conn,
         g_autoptr(virInterfaceDef) def = NULL;
 
         /* Ensure we won't exceed the size of our array */
-        if (count > names_len)
+        if (count >= names_len)
             break;
 
         path = udev_list_entry_get_name(dev_entry);