PublicDateAtUSN: 2020-07-09 16:15:00 UTC
Candidate: CVE-2020-10756
PublicDate: 2020-07-09 16:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10756
 https://ubuntu.com/security/notices/USN-4437-1
 https://ubuntu.com/security/notices/USN-4467-1
Description:
 An out-of-bounds read vulnerability was found in the SLiRP networking
 implementation of the QEMU emulator. This flaw occurs in the
 icmp6_send_echoreply() routine while replying to an ICMP echo request,
 also known as ping. This flaw allows a malicious guest to leak the
 contents of the host memory, resulting in possible information
 disclosure. This flaw affects versions of libslirp before 4.3.1.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
 https://bugzilla.redhat.com/show_bug.cgi?id=1835986#c11
Priority: medium
Discovered-by: Ziming Zhang and VictorV
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N [6.5 MEDIUM]

Patches_qemu-kvm:
upstream_qemu-kvm: needs-triage
precise/esm_qemu-kvm: not-affected (code not present)
trusty_qemu-kvm: DNE
trusty/esm_qemu-kvm: DNE
xenial_qemu-kvm: DNE
bionic_qemu-kvm: DNE
eoan_qemu-kvm: DNE
focal_qemu-kvm: DNE
groovy_qemu-kvm: DNE
hirsute_qemu-kvm: DNE
impish_qemu-kvm: DNE
jammy_qemu-kvm: DNE
devel_qemu-kvm: DNE

Patches_qemu:
upstream_qemu: needs-triage
precise/esm_qemu: DNE
trusty_qemu: ignored (out of standard support)
trusty/esm_qemu: not-affected (code not present)
xenial_qemu: not-affected (code not present)
esm-infra/xenial_qemu: not-affected (code not present)
bionic_qemu: released (1:2.11+dfsg-1ubuntu7.31)
eoan_qemu: ignored (reached end-of-life)
focal_qemu: not-affected (uses system libslirp)
groovy_qemu: not-affected (uses system libslirp)
hirsute_qemu: not-affected (uses system libslirp)
impish_qemu: not-affected (uses system libslirp)
jammy_qemu: not-affected (uses system libslirp)
devel_qemu: not-affected (uses system libslirp)

Patches_libslirp:
 upstream: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/c7ede54cbd2e2b25385325600958ba0124e31cc0
upstream_libslirp: needs-triage
precise/esm_libslirp: DNE
trusty_libslirp: ignored (out of standard support)
trusty/esm_libslirp: DNE
xenial_libslirp: DNE
bionic_libslirp: DNE
eoan_libslirp: DNE
focal_libslirp: released (4.1.0-2ubuntu2.1)
groovy_libslirp: not-affected (4.3.1-1)
hirsute_libslirp: not-affected (4.3.1-1)
impish_libslirp: not-affected (4.3.1-1)
jammy_libslirp: not-affected (4.3.1-1)
devel_libslirp: not-affected (4.3.1-1)

Patches_slirp4netns:
upstream_slirp4netns: released (1.0.1-1)
precise/esm_slirp4netns: DNE
trusty_slirp4netns: ignored (out of standard support)
trusty/esm_slirp4netns: DNE
xenial_slirp4netns: DNE
bionic_slirp4netns: DNE
eoan_slirp4netns: ignored (reached end-of-life)
focal_slirp4netns: needed
groovy_slirp4netns: not-affected (1.0.1-1)
hirsute_slirp4netns: not-affected (1.0.1-1)
impish_slirp4netns: not-affected (1.0.1-1)
jammy_slirp4netns: not-affected (1.0.1-1)
devel_slirp4netns: not-affected (1.0.1-1)