Key Information

Vulnerability Description

Name: CVE-2024-8235
Public Disclosure Date: August 29, 2024
Last Updated Date: August 30, 2024
Severity: Medium

Description: A flaw was discovered in libvirt where, on certain platforms, allocating 0 bytes of memory causes the allocation function to return NULL. This can lead to a NULL pointer dereference and a crash of the daemon. The vulnerability allows a client connected to a read-only socket to crash the daemon.

Affected Packages and Red Hat Security Patches

Affected Packages:
- Red Hat Enterprise Linux 9: libvirt
- Red Hat Enterprise Linux 8: virt:av/libvirt
- Red Hat Enterprise Linux 8 Advanced Virtualization: virt:rhel/libvirt
- Red Hat Enterprise Linux 7: libvirt
- Red Hat Enterprise Linux 6: libvirt

Unaffected Packages:
- Red Hat Enterprise Linux 9: Not affected
- Red Hat Enterprise Linux 8: Not affected
- Red Hat Enterprise Linux 8 Advanced Virtualization: Not affected
- Red Hat Enterprise Linux 7: Not affected
- Red Hat Enterprise Linux 6: Not affected

CVSS Score

CVSS v3 Base Score: 6.2
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: High

Frequently Asked Questions

- Why does Red Hat's CVSS v3 score or impact differ from other vendors?
- If my product is listed as "under investigation" or "affected," when will Red Hat release a patch to fix this vulnerability?
- If my product is listed as "not being fixed," what should I do?
- What are mitigations?
- I have a Red Hat product, but it is not listed above—am I affected?
- Why is my security scanner reporting that my product is affected by this vulnerability, even though my product version is fixed or unaffected?

Additional Information

Disclaimer: This page was automatically generated and has not been checked for errors or omissions. For questions or clarifications, please contact the Red Hat Product Security Team.

Copyright: CVE description copyright © 2021
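The description above names the bug class: a zero-byte allocation that returns NULL on some platforms, which the caller then treats as a usable buffer and dereferences. The following is an added example written for this page, not libvirt code and not the code the advisory refers to. The `platform_alloc` wrapper is a constructed model of the platform behaviour the advisory describes (a 0-byte request yields NULL) so the pattern can be exercised anywhere; `copy_bytes` and `alloc_nonnull` are hypothetical helpers showing two ways a daemon can stay robust against it.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed model (not libvirt code): an allocator on which a
 * zero-byte request returns NULL, as the advisory describes for
 * certain platforms. Real malloc(0) is implementation-defined, so the
 * model makes the behaviour deterministic for this example. */
static void *platform_alloc(size_t n)
{
    if (n == 0)
        return NULL;           /* model: zero-byte request yields NULL */
    return malloc(n);
}

/* Returns 1 if a zero-byte request comes back NULL under the model.
 * This is the condition that, left unchecked, becomes a crash. */
int zero_alloc_returns_null(void)
{
    void *p = platform_alloc(0);
    int is_null = (p == NULL);
    free(p);                   /* free(NULL) is a defined no-op */
    return is_null;
}

/* Hardening strategy 1: the caller distinguishes "nothing to allocate"
 * from "allocation failed", so a NULL result for n == 0 is never used
 * as a buffer and is never misreported as out-of-memory.
 * Returns 0 on success, -1 on genuine allocation failure. */
int copy_bytes(const unsigned char *src, size_t n,
               unsigned char **out, size_t *out_len)
{
    *out = NULL;
    *out_len = 0;
    if (n == 0)
        return 0;              /* empty input: success, no buffer needed */

    unsigned char *buf = platform_alloc(n);
    if (buf == NULL)
        return -1;             /* real failure: report it, do not dereference */

    memcpy(buf, src, n);
    *out = buf;
    *out_len = n;
    return 0;
}

/* Hardening strategy 2: the allocation wrapper itself never hands back
 * NULL for a zero-byte request, by allocating a minimal 1-byte block.
 * This protects call sites that assume non-NULL means success and
 * cannot all be audited individually. Caller frees the result. */
void *alloc_nonnull(size_t n)
{
    return platform_alloc(n == 0 ? 1 : n);
}
```

Strategy 1 is the precise fix for a single call site: the request size, not the returned pointer, decides whether there is anything to use. Strategy 2 is the defence-in-depth choice when an allocation helper is shared by many callers; it costs one byte per empty request and removes the NULL-for-zero case entirely.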