Medium severity5.5NVD Advisory· Published Mar 11, 2024· Updated Apr 15, 2026

CVE-2024-1441

Description

An off-by-one error flaw was found in the udevListInterfacesByStatus() function in libvirt when the number of interfaces exceeds the size of the names array. This issue can be reproduced by sending specially crafted data to the libvirt daemon, allowing an unprivileged client to perform a denial of service attack by causing the libvirt daemon to crash.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

access.redhat.com/errata/RHSA-2024:2560nvd
access.redhat.com/security/cve/CVE-2024-1441nvd
bugzilla.redhat.com/show_bug.cginvd
lists.debian.org/debian-lts-announce/2024/04/msg00000.htmlnvd
lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/45FFKU3LODT345LAB5T4XZA5WKYMXJYU/nvd
lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E6MVZO5GXDB7RHY6MS3ZXES3HPK34P3A/nvd
security.netapp.com/advisory/ntap-20250411-0003/nvd

News mentions

No linked articles in our index yet.

cvss	0.358
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000