[MEDIUM] Patch libvirt for CVE-2024-4418 (#13811)

aninda-al · web-flow · commit e75cd05d8c46 · 2025-06-10T13:51:12.000+05:30
diff --git a/SPECS/libvirt/CVE-2024-4418.patch b/SPECS/libvirt/CVE-2024-4418.patch
@@ -0,0 +1,44 @@
+From e35fd05e2512a1c650b1940910bb394bfe8bd27d Mon Sep 17 00:00:00 2001
+From: Aninda <v-anipradhan@microsoft.com>
+Date: Thu, 15 May 2025 08:56:07 -0400
+Subject: [PATCH] Address CVE-2024-4418
+Upstream Patch Reference: https://gitlab.com/libvirt/libvirt/-/commit/8074d64dc2eca846d6a61efe1a9b7428a0ce1dd1
+---
+ src/rpc/virnetclient.c | 14 +++++++++++++-
+ 1 file changed, 13 insertions(+), 1 deletion(-)
+
+diff --git a/src/rpc/virnetclient.c b/src/rpc/virnetclient.c
+index 68098b1..147b0d6 100644
+--- a/src/rpc/virnetclient.c
++++ b/src/rpc/virnetclient.c
+@@ -1657,7 +1657,7 @@ static int virNetClientIOEventLoop(virNetClient *client,
+ #endif /* !WIN32 */
+         int timeout = -1;
+         virNetMessage *msg = NULL;
+-        g_autoptr(GSource) G_GNUC_UNUSED source = NULL;
++        g_autoptr(GSource) source = NULL;
+         GIOCondition ev = 0;
+         struct virNetClientIOEventData data = {
+             .client = client,
+@@ -1721,6 +1721,18 @@ static int virNetClientIOEventLoop(virNetClient *client,
+ 
+         g_main_loop_run(client->eventLoop);
+ 
++        /*
++         * If virNetClientIOEventFD ran, this GSource will already be
++         * destroyed due to G_SOURCE_REMOVE. It is harmless to re-destroy
++         * it, since we still own a reference.
++         *
++         * If virNetClientIOWakeup ran, it will have interrupted the
++         * g_main_loop_run call, before virNetClientIOEventFD could
++         * run, and thus the GSource is still registered, and we need
++         * to destroy it since it is referencing stack memory for 'data'
++         */
++        g_source_destroy(source);
++
+ #ifndef WIN32
+         ignore_value(pthread_sigmask(SIG_SETMASK, &oldmask, NULL));
+ #endif /* !WIN32 */
+-- 
+2.34.1
+
diff --git a/SPECS/libvirt/libvirt.spec b/SPECS/libvirt/libvirt.spec
@@ -185,7 +185,7 @@
 Summary:        Library providing a simple virtualization API
 Name:           libvirt
 Version:        10.0.0
-Release:        4%{?dist}
+Release:        5%{?dist}
 License:        GPL-2.0-or-later AND LGPL-2.1-only AND LGPL-2.1-or-later AND OFL-1.1
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -198,6 +198,7 @@ Source:         https://download.libvirt.org/%{?mainturl}libvirt-%{version}.tar.
 Patch0:         libvirt-conf.patch
 Patch1:         CVE-2024-1441.patch
 Patch2:         CVE-2024-2494.patch
+Patch3:         CVE-2024-4418.patch
 
 Requires: libvirt-daemon = %{version}-%{release}
 Requires: libvirt-daemon-config-network = %{version}-%{release}
@@ -2188,6 +2189,9 @@ exit 0
 %endif
 
 %changelog
+* Thu May 15 2025 Aninda Pradhan <v-anipradhan@microsoft.com> - 10.0.0-5
+- Fixes CVE-2024-4418 with an upstream patch
+
 * Fri May 23 2025 Aninda Pradhan <v-anipradhan@microsoft.com> - 10.0.0-4
 - Fix for CVE-2024-1441 and CVE-2024-2494
 
