PublicDateAtUSN: 2019-07-29 11:15:00 UTC
Candidate: CVE-2019-14378
PublicDate: 2019-07-29 11:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14378
 https://gitlab.freedesktop.org/slirp/libslirp/commit/126c04acbabd7ad32c2b018fe10dfac2a3bc1210
 https://vishnudevtj.github.io/notes/qemu-vm-escape-cve-2019-14378
 https://ubuntu.com/security/notices/USN-4191-1
 https://ubuntu.com/security/notices/USN-4191-2
Description:
 ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow
 via a large packet because it mishandles a case involving the first
 fragment.
Ubuntu-Description:
 It was discovered that a heap-based buffer overflow existed in the SLiRP
 networking implementation of QEMU. A local attacker in a guest could use
 this to cause a denial of service or possibly execute arbitrary code in
 the host.
Notes:
 mdeslaur> located in slirp/src/ip_input.c in qemu
Mitigation:
Bugs:
 https://gitlab.freedesktop.org/slirp/libslirp/issues/10
Priority: low
Discovered-by:
Assigned-to: sbeattie
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H [8.8 HIGH]

Patches_android:
upstream_android: needs-triage
precise/esm_android: DNE
trusty_android: ignored (out of standard support)
trusty/esm_android: DNE
xenial_android: ignored (end of standard support, was needs-triage)
bionic_android: DNE
disco_android: DNE
eoan_android: DNE
focal_android: DNE
groovy_android: DNE
hirsute_android: DNE
impish_android: DNE
jammy_android: DNE
devel_android: DNE

Patches_basilisk2:
upstream_basilisk2: needs-triage
precise/esm_basilisk2: DNE
trusty_basilisk2: ignored (out of standard support)
trusty/esm_basilisk2: DNE
xenial_basilisk2: ignored (end of standard support, was needs-triage)
bionic_basilisk2: needs-triage
disco_basilisk2: ignored (reached end-of-life)
eoan_basilisk2: ignored (reached end-of-life)
focal_basilisk2: needs-triage
groovy_basilisk2: ignored (reached end-of-life)
hirsute_basilisk2: ignored (reached end-of-life)
impish_basilisk2: needs-triage
jammy_basilisk2: needs-triage
devel_basilisk2: needs-triage

Patches_bochs:
upstream_bochs: needs-triage
precise/esm_bochs: DNE
trusty_bochs: ignored (out of standard support)
trusty/esm_bochs: DNE
xenial_bochs: ignored (end of standard support, was needs-triage)
bionic_bochs: needs-triage
disco_bochs: ignored (reached end-of-life)
eoan_bochs: ignored (reached end-of-life)
focal_bochs: needs-triage
groovy_bochs: ignored (reached end-of-life)
hirsute_bochs: ignored (reached end-of-life)
impish_bochs: needs-triage
jammy_bochs: needs-triage
devel_bochs: needs-triage

Patches_fs-uae:
upstream_fs-uae: needs-triage
precise/esm_fs-uae: DNE
trusty_fs-uae: ignored (out of standard support)
trusty/esm_fs-uae: DNE
xenial_fs-uae: ignored (end of standard support, was needs-triage)
bionic_fs-uae: needs-triage
disco_fs-uae: ignored (reached end-of-life)
eoan_fs-uae: ignored (reached end-of-life)
focal_fs-uae: needs-triage
groovy_fs-uae: ignored (reached end-of-life)
hirsute_fs-uae: ignored (reached end-of-life)
impish_fs-uae: needs-triage
jammy_fs-uae: needs-triage
devel_fs-uae: needs-triage

Patches_qemu:
 upstream: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=c2e03e2aa42d0f4f41deb08c2655503835840afa (stable-4.0)
upstream_qemu: released (1:4.1-1)
precise/esm_qemu: DNE
trusty_qemu: ignored (out of standard support)
trusty/esm_qemu: released (2.0.0+dfsg-2ubuntu1.47)
xenial_qemu: released (1:2.5+dfsg-5ubuntu10.42)
esm-infra/xenial_qemu: released (1:2.5+dfsg-5ubuntu10.42)
bionic_qemu: released (1:2.11+dfsg-1ubuntu7.20)
disco_qemu: released (1:3.1+dfsg-2ubuntu3.6)
eoan_qemu: released (1:4.0+dfsg-0ubuntu9.1)
focal_qemu: released (1:4.2-1ubuntu1)
groovy_qemu: released (1:4.2-1ubuntu1)
hirsute_qemu: released (1:4.2-1ubuntu1)
impish_qemu: released (1:4.2-1ubuntu1)
jammy_qemu: released (1:4.2-1ubuntu1)
devel_qemu: released (1:4.2-1ubuntu1)

Patches_qemu-kvm:
upstream_qemu-kvm: needs-triage
precise/esm_qemu-kvm: ignored (end of ESM support, was needs-triage)
trusty_qemu-kvm: ignored (out of standard support)
trusty/esm_qemu-kvm: DNE
xenial_qemu-kvm: DNE
bionic_qemu-kvm: DNE
disco_qemu-kvm: DNE
eoan_qemu-kvm: DNE
focal_qemu-kvm: DNE
groovy_qemu-kvm: DNE
hirsute_qemu-kvm: DNE
impish_qemu-kvm: DNE
jammy_qemu-kvm: DNE
devel_qemu-kvm: DNE

Patches_qemu-kvm-spice:
upstream_qemu-kvm-spice: needs-triage
precise/esm_qemu-kvm-spice: DNE
trusty_qemu-kvm-spice: ignored (out of standard support)
trusty/esm_qemu-kvm-spice: DNE
xenial_qemu-kvm-spice: DNE
bionic_qemu-kvm-spice: DNE
disco_qemu-kvm-spice: DNE
eoan_qemu-kvm-spice: DNE
focal_qemu-kvm-spice: DNE
groovy_qemu-kvm-spice: DNE
hirsute_qemu-kvm-spice: DNE
impish_qemu-kvm-spice: DNE
jammy_qemu-kvm-spice: DNE
devel_qemu-kvm-spice: DNE

Patches_qemu-linaro:
upstream_qemu-linaro: needs-triage
precise/esm_qemu-linaro: DNE
trusty_qemu-linaro: ignored (out of standard support)
trusty/esm_qemu-linaro: DNE
xenial_qemu-linaro: DNE
bionic_qemu-linaro: DNE
disco_qemu-linaro: DNE
eoan_qemu-linaro: DNE
focal_qemu-linaro: DNE
groovy_qemu-linaro: DNE
hirsute_qemu-linaro: DNE
impish_qemu-linaro: DNE
jammy_qemu-linaro: DNE
devel_qemu-linaro: DNE

Patches_slirp:
 upstream: https://gitlab.freedesktop.org/slirp/libslirp/commit/126c04acbabd7ad32c2b018fe10dfac2a3bc1210
upstream_slirp: needs-triage
precise/esm_slirp: DNE
trusty_slirp: ignored (out of standard support)
trusty/esm_slirp: DNE
xenial_slirp: ignored (end of standard support, was needs-triage)
bionic_slirp: needs-triage
disco_slirp: ignored (reached end-of-life)
eoan_slirp: ignored (reached end-of-life)
focal_slirp: needs-triage
groovy_slirp: ignored (reached end-of-life)
hirsute_slirp: ignored (reached end-of-life)
impish_slirp: needs-triage
jammy_slirp: needs-triage
devel_slirp: needs-triage

Patches_slirp4netns:
upstream_slirp4netns: needs-triage
precise/esm_slirp4netns: DNE
trusty_slirp4netns: ignored (out of standard support)
trusty/esm_slirp4netns: DNE
xenial_slirp4netns: DNE
bionic_slirp4netns: DNE
disco_slirp4netns: ignored (reached end-of-life)
eoan_slirp4netns: not-affected (0.3.2-1)
focal_slirp4netns: not-affected (0.3.2-1)
groovy_slirp4netns: not-affected (0.3.2-1)
hirsute_slirp4netns: not-affected (0.3.2-1)
impish_slirp4netns: not-affected (0.3.2-1)
jammy_slirp4netns: not-affected (0.3.2-1)
devel_slirp4netns: not-affected (0.3.2-1)

Patches_vde2:
upstream_vde2: needs-triage
precise/esm_vde2: DNE
trusty_vde2: ignored (out of standard support)
trusty/esm_vde2: DNE
xenial_vde2: ignored (end of standard support, was needs-triage)
bionic_vde2: needs-triage
disco_vde2: ignored (reached end-of-life)
eoan_vde2: ignored (reached end-of-life)
focal_vde2: needs-triage
groovy_vde2: ignored (reached end-of-life)
hirsute_vde2: ignored (reached end-of-life)
impish_vde2: needs-triage
jammy_vde2: needs-triage
devel_vde2: needs-triage

Patches_xen:
Tags_xen: universe-binary
upstream_xen: needs-triage
precise/esm_xen: DNE
trusty_xen: ignored (out of standard support)
trusty/esm_xen: DNE
xenial_xen: ignored (end of standard support, was needs-triage)
esm-infra/xenial_xen: needs-triage
bionic_xen: needs-triage
disco_xen: ignored (reached end-of-life)
eoan_xen: ignored (reached end-of-life)
focal_xen: needs-triage
groovy_xen: ignored (reached end-of-life)
hirsute_xen: ignored (reached end-of-life)
impish_xen: needs-triage
jammy_xen: needs-triage
devel_xen: needs-triage

Patches_libslirp:
upstream_libslirp: needs-triage
precise/esm_libslirp: DNE
trusty_libslirp: ignored (out of standard support)
trusty/esm_libslirp: DNE
xenial_libslirp: DNE
bionic_libslirp: DNE
disco_libslirp: DNE
eoan_libslirp: DNE
focal_libslirp: not-affected (4.1.0-2)
groovy_libslirp: not-affected (4.1.0-2)
hirsute_libslirp: not-affected (4.1.0-2)
impish_libslirp: not-affected (4.1.0-2)
jammy_libslirp: not-affected (4.1.0-2)
devel_libslirp: not-affected (4.1.0-2)