
Patching the Latest libvirt Vulnerabilities in Ubuntu

Rohan Timalsina

May 22, 2024 - TuxCare expert team

libvirt is a toolkit for managing virtualization technologies and platforms, including KVM, Xen, LXC, VMware, and others. It lets users create, start, stop, and monitor virtual machines, and manage storage and networking configurations. The Ubuntu security team has recently addressed several vulnerabilities in libvirt. Security updates have been rolled out across multiple Ubuntu releases, including Ubuntu 23.10, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, and the most recent Ubuntu 24.04 LTS release.

libvirt Vulnerabilities Fixed in Ubuntu

Here’s a list of the vulnerabilities that have been addressed:

CVE-2024-1441

An off-by-one error in libvirt’s udevListInterfacesByStatus() function allows an unprivileged attacker to crash the libvirt daemon, causing a denial of service. The attacker could exploit this issue by sending specially crafted data to the libvirt daemon.

CVE-2024-2494

A vulnerability was discovered in libvirt’s RPC library APIs. The RPC server’s deserialization code allocates memory for arrays before checking that the received length is non-negative. A negative length passed to g_new0() is treated as a huge unsigned count, and the daemon crashes. This allows a local, unprivileged user to perform a denial-of-service attack by crashing the libvirt daemon.

CVE-2024-2496

A NULL pointer dereference was discovered in libvirt’s udevConnectListAllInterfaces() function. It is triggered when a host interface is detached while the interface list is being collected via the virConnectListAllInterfaces API. Exploiting this flaw crashes the libvirt daemon, causing a denial of service.

CVE-2024-4418

A race condition leading to a stack use-after-free was discovered in libvirt. It stems from an incorrect assumption in virNetClientIOEventLoop(): a `data` pointer to a stack-allocated virNetClientIOEventData structure is used in the virNetClientIOEventFD callback while that stack frame is being “freed” as virNetClientIOEventLoop() returns. The virtproxyd daemon can trigger requests that exploit this flaw. If libvirt is configured with fine-grained access control, this vulnerability theoretically allows a user to bypass their restricted access. Consequently, a local, unprivileged user could access virtproxyd without authentication, whereas remote users would still need to authenticate.

Protecting Ubuntu Systems

To safeguard Ubuntu systems against these vulnerabilities, it is imperative to update the libvirt package to the latest available version. By promptly applying new updates, users can mitigate potential risks effectively and ensure the continued reliability and security of their Ubuntu systems.

Ubuntu 16.04 and 18.04 have reached their end-of-life (EOL) dates, meaning they no longer receive free security updates from official Ubuntu repositories. If upgrading isn’t feasible, you can utilize TuxCare’s Extended Lifecycle Support (ELS). ELS provides automated security patches for various packages, including libvirt, the Linux kernel, and common shared libraries (glibc, openssh, openssl, zlib) for an additional five years after the EOL date. This allows for additional time to plan the migration without the immediate pressure of a completely unsecured system. TuxCare’s ELS solution comes with a cost, but it extends security coverage for essential components on your Ubuntu system.
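The update procedure described above, as an added shell example that is not part of this article or of the libvirt project: it checks whether the host is one of the end-of-life releases named here (16.04 and 18.04), and otherwise upgrades only the libvirt packages that have a newer version in the configured repositories. It assumes an Ubuntu system with apt-get, apt and dpkg-query; the embedded `apt list --upgradable` sample is constructed, with placeholder version strings, so the filter can be exercised without a real host.

```shell
#!/bin/sh
# Added example, not code from the TuxCare article or the libvirt project.
# Checks whether an Ubuntu host still receives libvirt security updates and,
# when invoked with --run, installs the available libvirt package upgrades.
# Assumes a Debian-style Ubuntu system with apt-get, apt and dpkg-query.

# The article names Ubuntu 16.04 and 18.04 as end-of-life; those releases get
# no free security updates from the official repositories.
ubuntu_is_eol() {
    case "$1" in
        16.04|18.04) return 0 ;;
        *)           return 1 ;;
    esac
}

# Extract VERSION_ID from os-release text read on stdin (cat /etc/os-release).
os_release_version_id() {
    sed -n 's/^VERSION_ID=//p' | tr -d '"'
}

# Reduce `apt list --upgradable` output (stdin) to the libvirt package names
# that have a newer version in the configured repositories.
upgradable_libvirt_packages() {
    grep '^libvirt' | cut -d/ -f1
}

# Constructed sample of `apt list --upgradable` output with placeholder
# versions, so the filter can be exercised without touching a real host.
SAMPLE_APT_LIST='Listing... Done
libvirt-daemon/jammy-security 1.2.3-0ubuntu2 amd64 [upgradable from: 1.2.3-0ubuntu1]
libvirt0/jammy-security 1.2.3-0ubuntu2 amd64 [upgradable from: 1.2.3-0ubuntu1]
openssl/jammy-security 3.0.0-1 amd64 [upgradable from: 3.0.0-0]'

# Dry demonstration on the constructed sample; prints the package names.
demo_filter() {
    printf '%s\n' "$SAMPLE_APT_LIST" | upgradable_libvirt_packages
}

# Live procedure: refuse on EOL releases, otherwise upgrade only libvirt.
patch_libvirt() {
    [ -r /etc/os-release ] || { echo "cannot read /etc/os-release" >&2; return 2; }
    version_id=$(os_release_version_id < /etc/os-release)
    if ubuntu_is_eol "$version_id"; then
        echo "Ubuntu $version_id is end-of-life: no free libvirt updates; upgrade the release or arrange extended support" >&2
        return 3
    fi
    apt-get update -q
    pkgs=$(apt list --upgradable 2>/dev/null | upgradable_libvirt_packages)
    if [ -z "$pkgs" ]; then
        echo "libvirt packages are already at the latest available version:"
        dpkg-query -W -f='${Package} ${Version}\n' 'libvirt*'
        return 0
    fi
    echo "Upgrading: $(printf '%s ' $pkgs)"
    # word splitting of $pkgs is intended: one argument per package
    apt-get install --only-upgrade -y $pkgs
    echo "Installed versions after the upgrade:"
    dpkg-query -W -f='${Package} ${Version}\n' $pkgs
}

if [ "${1:-}" = "--run" ]; then
    patch_libvirt
else
    echo "Dry run on constructed sample; libvirt packages that would be upgraded:"
    demo_filter
fi
```

Run it as root with `--run` to apply the upgrade; without the flag it only filters the constructed sample. The script relies on "latest available version" rather than pinning the fixed package versions, which for each release are listed in the USN-6734-1 notice the article cites.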

Send questions to a TuxCare security expert to learn how to set up Extended Lifecycle Support and the costs involved.

Source: USN-6734-1
