PublicDateAtUSN: 2020-02-06 17:15:00 UTC
Candidate: CVE-2020-8608
PublicDate: 2020-02-06 17:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8608
 https://www.openwall.com/lists/oss-security/2020/02/06/2
 https://ubuntu.com/security/notices/USN-4283-1
 https://ubuntu.com/security/notices/USN-4632-1
Description:
 In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf
 return values, leading to a buffer overflow in later code.
Ubuntu-Description:
 It was discovered that the SLiRP networking implementation of the QEMU
 emulator misuses snprintf return values. An attacker could use this to
 cause a denial of service (application crash) or potentially execute
 arbitrary code.
Notes:
 mdeslaur> possible better approach would be to disable tcp_emu completely
 mdeslaur> https://gitlab.freedesktop.org/slirp/libslirp/commit/07c2a44b67e219ac14207f7a1b33704e1312cf91
Mitigation:
Bugs:
Priority: medium
Discovered-by: Laszlo Ersek
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L [5.6 MEDIUM]

Patches_qemu-kvm:
upstream_qemu-kvm: needs-triage
precise/esm_qemu-kvm: ignored (end of ESM support, was needs-triage)
trusty_qemu-kvm: DNE
trusty/esm_qemu-kvm: DNE
xenial_qemu-kvm: DNE
bionic_qemu-kvm: DNE
eoan_qemu-kvm: DNE
focal_qemu-kvm: DNE
groovy_qemu-kvm: DNE
hirsute_qemu-kvm: DNE
impish_qemu-kvm: DNE
jammy_qemu-kvm: DNE
devel_qemu-kvm: DNE

Patches_qemu:
upstream_qemu: needs-triage
precise/esm_qemu: DNE
trusty_qemu: ignored (out of standard support)
trusty/esm_qemu: needs-triage
xenial_qemu: released (1:2.5+dfsg-5ubuntu10.43)
esm-infra/xenial_qemu: released (1:2.5+dfsg-5ubuntu10.43)
bionic_qemu: released (1:2.11+dfsg-1ubuntu7.23)
eoan_qemu: released (1:4.0+dfsg-0ubuntu9.4)
focal_qemu: not-affected (uses system libslirp)
groovy_qemu: not-affected (uses system libslirp)
hirsute_qemu: not-affected (uses system libslirp)
impish_qemu: not-affected (uses system libslirp)
jammy_qemu: not-affected (uses system libslirp)
devel_qemu: not-affected (uses system libslirp)

Patches_libslirp:
 upstream: https://gitlab.freedesktop.org/slirp/libslirp/commit/30648c03b27fb8d9611b723184216cd3174b6775
 upstream: https://gitlab.freedesktop.org/slirp/libslirp/commit/68ccb8021a838066f0951d4b2817eb6b6f10a843
upstream_libslirp: needs-triage
precise/esm_libslirp: DNE
trusty_libslirp: ignored (out of standard support)
trusty/esm_libslirp: DNE
xenial_libslirp: DNE
bionic_libslirp: DNE
eoan_libslirp: DNE
focal_libslirp: released (4.1.0-2ubuntu1)
groovy_libslirp: released (4.1.0-2ubuntu1)
hirsute_libslirp: released (4.1.0-2ubuntu1)
impish_libslirp: released (4.1.0-2ubuntu1)
jammy_libslirp: released (4.1.0-2ubuntu1)
devel_libslirp: released (4.1.0-2ubuntu1)

Patches_slirp:
upstream_slirp: needs-triage
precise/esm_slirp: DNE
trusty_slirp: ignored (out of standard support)
trusty/esm_slirp: DNE
xenial_slirp: released (1:1.0.17-8ubuntu16.04.1)
bionic_slirp: released (1:1.0.17-8ubuntu18.04.1)
eoan_slirp: ignored (reached end-of-life)
focal_slirp: needed
groovy_slirp: ignored (reached end-of-life)
hirsute_slirp: ignored (reached end-of-life)
impish_slirp: needed
jammy_slirp: needed
devel_slirp: needed

Patches_slirp4netns:
upstream_slirp4netns: needs-triage
precise/esm_slirp4netns: DNE
trusty_slirp4netns: ignored (out of standard support)
trusty/esm_slirp4netns: DNE
xenial_slirp4netns: DNE
bionic_slirp4netns: DNE
eoan_slirp4netns: ignored (reached end-of-life)
focal_slirp4netns: needs-triage
groovy_slirp4netns: not-affected (1.0.1-1)
hirsute_slirp4netns: not-affected (1.0.1-1)
impish_slirp4netns: not-affected (1.0.1-1)
jammy_slirp4netns: not-affected (1.0.1-1)
devel_slirp4netns: not-affected (1.0.1-1)