Security update for libvirt SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:20012-1 Final 1 1 2025-02-03T08:47:37Z current 2025-02-03T08:47:37Z 2025-02-03T08:47:37Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libvirt This update for libvirt fixes the following issues: Security issue fixed: - CVE-2024-4418: rpc: ensure temporary GSource is removed from client event loop (bsc#1223849) Non-security issue fixed: - libxl: Fix domxml-to-native conversion (bsc#1222584) - qemu: Fix migration with custom XML (bsc#1226492) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-Micro-6.0-40 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-202520012-1/ Link for SUSE-SU-2025:20012-1 https://lists.suse.com/pipermail/sle-security-updates/2025-June/021361.html E-Mail link for SUSE-SU-2025:20012-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1222584 SUSE Bug 1222584 https://bugzilla.suse.com/1223849 SUSE Bug 1223849 https://bugzilla.suse.com/1226492 SUSE Bug 1226492 https://www.suse.com/security/cve/CVE-2024-4418/ SUSE CVE CVE-2024-4418 page SUSE Linux Micro 6.0 libvirt-client-10.0.0-3.1 libvirt-client-qemu-10.0.0-3.1 libvirt-daemon-10.0.0-3.1 libvirt-daemon-common-10.0.0-3.1 libvirt-daemon-config-network-10.0.0-3.1 libvirt-daemon-driver-network-10.0.0-3.1 libvirt-daemon-driver-nodedev-10.0.0-3.1 libvirt-daemon-driver-nwfilter-10.0.0-3.1 libvirt-daemon-driver-qemu-10.0.0-3.1 libvirt-daemon-driver-secret-10.0.0-3.1 libvirt-daemon-driver-storage-10.0.0-3.1 libvirt-daemon-driver-storage-core-10.0.0-3.1 libvirt-daemon-driver-storage-disk-10.0.0-3.1 libvirt-daemon-driver-storage-iscsi-10.0.0-3.1 libvirt-daemon-driver-storage-iscsi-direct-10.0.0-3.1 libvirt-daemon-driver-storage-logical-10.0.0-3.1 libvirt-daemon-driver-storage-mpath-10.0.0-3.1 libvirt-daemon-driver-storage-rbd-10.0.0-3.1 libvirt-daemon-driver-storage-scsi-10.0.0-3.1 libvirt-daemon-hooks-10.0.0-3.1 libvirt-daemon-lock-10.0.0-3.1 libvirt-daemon-log-10.0.0-3.1 libvirt-daemon-plugin-lockd-10.0.0-3.1 libvirt-daemon-proxy-10.0.0-3.1 libvirt-daemon-qemu-10.0.0-3.1 libvirt-libs-10.0.0-3.1 libvirt-nss-10.0.0-3.1 libvirt-client-10.0.0-3.1 as a component of SUSE Linux Micro 6.0 libvirt-client-qemu-10.0.0-3.1 as a component of SUSE Linux Micro 6.0 libvirt-daemon-10.0.0-3.1 as a component of SUSE Linux Micro 6.0 libvirt-daemon-common-10.0.0-3.1 as a component of SUSE Linux Micro 6.0 libvirt-daemon-config-network-10.0.0-3.1 as a component of SUSE Linux Micro 6.0 libvirt-daemon-driver-network-10.0.0-3.1 as a component of SUSE Linux Micro 6.0 libvirt-daemon-driver-nodedev-10.0.0-3.1 as a component of SUSE Linux Micro 6.0 libvirt-daemon-driver-nwfilter-10.0.0-3.1 as a component of SUSE Linux Micro 6.0 libvirt-daemon-driver-qemu-10.0.0-3.1 as a component of SUSE Linux Micro 6.0 libvirt-daemon-driver-secret-10.0.0-3.1 as a component of SUSE Linux Micro 6.0 libvirt-daemon-driver-storage-10.0.0-3.1 as a component of SUSE Linux Micro 6.0 libvirt-daemon-driver-storage-core-10.0.0-3.1 as a component of SUSE Linux Micro 6.0 libvirt-daemon-driver-storage-disk-10.0.0-3.1 as a component of SUSE Linux Micro 6.0 libvirt-daemon-driver-storage-iscsi-10.0.0-3.1 as a component of SUSE Linux Micro 6.0 libvirt-daemon-driver-storage-iscsi-direct-10.0.0-3.1 as a component of SUSE Linux Micro 6.0 libvirt-daemon-driver-storage-logical-10.0.0-3.1 as a component of SUSE Linux Micro 6.0 libvirt-daemon-driver-storage-mpath-10.0.0-3.1 as a component of SUSE Linux Micro 6.0 libvirt-daemon-driver-storage-rbd-10.0.0-3.1 as a component of SUSE Linux Micro 6.0 libvirt-daemon-driver-storage-scsi-10.0.0-3.1 as a component of SUSE Linux Micro 6.0 libvirt-daemon-hooks-10.0.0-3.1 as a component of SUSE Linux Micro 6.0 libvirt-daemon-lock-10.0.0-3.1 as a component of SUSE Linux Micro 6.0 libvirt-daemon-log-10.0.0-3.1 as a component of SUSE Linux Micro 6.0 libvirt-daemon-plugin-lockd-10.0.0-3.1 as a component of SUSE Linux Micro 6.0 libvirt-daemon-proxy-10.0.0-3.1 as a component of SUSE Linux Micro 6.0 libvirt-daemon-qemu-10.0.0-3.1 as a component of SUSE Linux Micro 6.0 libvirt-libs-10.0.0-3.1 as a component of SUSE Linux Micro 6.0 libvirt-nss-10.0.0-3.1 as a component of SUSE Linux Micro 6.0 A race condition leading to a stack use-after-free flaw was found in libvirt. Due to a bad assumption in the virNetClientIOEventLoop() method, the `data` pointer to a stack-allocated virNetClientIOEventData structure ended up being used in the virNetClientIOEventFD callback while the data pointer's stack frame was concurrently being "freed" when returning from virNetClientIOEventLoop(). The 'virtproxyd' daemon can be used to trigger requests. If libvirt is configured with fine-grained access control, this issue, in theory, allows a user to escape their otherwise limited access. This flaw allows a local, unprivileged user to access virtproxyd without authenticating. Remote users would need to authenticate before they could access it. CVE-2024-4418 SUSE Linux Micro 6.0:libvirt-client-10.0.0-3.1 SUSE Linux Micro 6.0:libvirt-client-qemu-10.0.0-3.1 SUSE Linux Micro 6.0:libvirt-daemon-10.0.0-3.1 SUSE Linux Micro 6.0:libvirt-daemon-common-10.0.0-3.1 SUSE Linux Micro 6.0:libvirt-daemon-config-network-10.0.0-3.1 SUSE Linux Micro 6.0:libvirt-daemon-driver-network-10.0.0-3.1 SUSE Linux Micro 6.0:libvirt-daemon-driver-nodedev-10.0.0-3.1 SUSE Linux Micro 6.0:libvirt-daemon-driver-nwfilter-10.0.0-3.1 SUSE Linux Micro 6.0:libvirt-daemon-driver-qemu-10.0.0-3.1 SUSE Linux Micro 6.0:libvirt-daemon-driver-secret-10.0.0-3.1 SUSE Linux Micro 6.0:libvirt-daemon-driver-storage-10.0.0-3.1 SUSE Linux Micro 6.0:libvirt-daemon-driver-storage-core-10.0.0-3.1 SUSE Linux Micro 6.0:libvirt-daemon-driver-storage-disk-10.0.0-3.1 SUSE Linux Micro 6.0:libvirt-daemon-driver-storage-iscsi-10.0.0-3.1 SUSE Linux Micro 6.0:libvirt-daemon-driver-storage-iscsi-direct-10.0.0-3.1 SUSE Linux Micro 6.0:libvirt-daemon-driver-storage-logical-10.0.0-3.1 SUSE Linux Micro 6.0:libvirt-daemon-driver-storage-mpath-10.0.0-3.1 SUSE Linux Micro 6.0:libvirt-daemon-driver-storage-rbd-10.0.0-3.1 SUSE Linux Micro 6.0:libvirt-daemon-driver-storage-scsi-10.0.0-3.1 SUSE Linux Micro 6.0:libvirt-daemon-hooks-10.0.0-3.1 SUSE Linux Micro 6.0:libvirt-daemon-lock-10.0.0-3.1 SUSE Linux Micro 6.0:libvirt-daemon-log-10.0.0-3.1 SUSE Linux Micro 6.0:libvirt-daemon-plugin-lockd-10.0.0-3.1 SUSE Linux Micro 6.0:libvirt-daemon-proxy-10.0.0-3.1 SUSE Linux Micro 6.0:libvirt-daemon-qemu-10.0.0-3.1 SUSE Linux Micro 6.0:libvirt-libs-10.0.0-3.1 SUSE Linux Micro 6.0:libvirt-nss-10.0.0-3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520012-1/ https://www.suse.com/security/cve/CVE-2024-4418.html CVE-2024-4418 https://bugzilla.suse.com/1223849 SUSE Bug 1223849