CVE-2024-2494 MEDIUM

CVE-2024-2494: Libvirt: negative g_new0 length can lead to unbounded memory allocation

Vendor Red Hat
Product Red Hat Enterprise Linux 6
Weakness CWE-789
Published March 21, 2024
Last update February 25, 2026

CVSS base score

6.2/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length check is performed by the C API entry points. Passing a negative length to the g_new0 function results in a crash due to the negative length being treated as a huge positive number. This flaw allows a local, unprivileged user to perform a denial of service attack by causing the libvirt daemon to crash.

Key dates

02Disclosure timeline

March 21, 2024 CVE published
February 25, 2026 Record updated