NEWS: Add the news for CVE-2024-4418

author Han Han <hhan@redhat.com>

Fri, 25 Oct 2024 04:57:26 +0000 (12:57 +0800)

committer Michal Privoznik <mprivozn@redhat.com>

Tue, 19 Nov 2024 10:24:40 +0000 (11:24 +0100)
author Han Han <hhan@redhat.com>
Fri, 25 Oct 2024 04:57:26 +0000 (12:57 +0800)
committer Michal Privoznik <mprivozn@redhat.com>
Tue, 19 Nov 2024 10:24:40 +0000 (11:24 +0100)
diff --git a/NEWS.rst b/NEWS.rst

index f85244bbfbbbf69f9e60d6abbe71314ece18cd31..dbc6109ef0002f8679e4837ecb0541070792be3d 100644 (file)
--- a/NEWS.rst
+++ b/NEWS.rst
@@ -338,6 +338,18 @@ v10.5.0 (2024-07-01)
  v10.4.0 (2024-06-03)
  ====================
  
+* **Security**
+
+  * ``CVE-2024-4418``: Fix stack use-after-free in virNetClientIOEventLoop()
+
+    Fix race condition leading to a stack use-after-free bug was found in libvirt.
+    Due to a bad assumption in the virNetClientIOEventLoop() method, the data
+    pointer to a stack-allocated virNetClientIOEventData structure ended up being
+    used in the virNetClientIOEventFD callback while the data pointer's stack frame
+    was concurrently being "freed" when returning from virNetClientIOEventLoop().
+    This flaw allows a local, unprivileged user to access virtproxyd without
+    authenticating.
+
  * **New features**
  
    * qemu: Support for ras feature for virt machine type
author	Han Han <hhan@redhat.com>
	Fri, 25 Oct 2024 04:57:26 +0000 (12:57 +0800)
committer	Michal Privoznik <mprivozn@redhat.com>
	Tue, 19 Nov 2024 10:24:40 +0000 (11:24 +0100)