PublicDateAtUSN: 2021-06-15 21:15:00 UTC
Candidate: CVE-2021-3592
PublicDate: 2021-06-15 21:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3592
 https://ubuntu.com/security/notices/USN-5009-1
 https://ubuntu.com/security/notices/USN-5010-1
 https://ubuntu.com/security/notices/USN-5009-2
Description:
 An invalid pointer initialization issue was found in the SLiRP networking
 implementation of QEMU. The flaw exists in the bootp_input() function and
 could occur while processing a udp packet that is smaller than the size of
 the 'bootp_t' structure. A malicious guest could use this flaw to leak 10
 bytes of uninitialized heap memory from the host. The highest threat from
 this vulnerability is to data confidentiality. This flaw affects libslirp
 versions prior to 4.6.0.
Ubuntu-Description:
Notes:
 mdeslaur> patches for this introduced a regression that was fixed in 4.6.1
Mitigation:
Bugs:
 https://bugzilla.redhat.com/show_bug.cgi?id=1970484
 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989993
Priority: low
Discovered-by:
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N [3.8 LOW]

Patches_qemu:
upstream_qemu: needs-triage
trusty_qemu: ignored (out of standard support)
trusty/esm_qemu: needs-triage
xenial_qemu: ignored (end of standard support, was needs-triage)
esm-infra/xenial_qemu: needs-triage
bionic_qemu: released (1:2.11+dfsg-1ubuntu7.37)
focal_qemu: not-affected (uses system libslirp)
groovy_qemu: not-affected (uses system libslirp)
hirsute_qemu: not-affected (uses system libslirp)
impish_qemu: not-affected (uses system libslirp)
jammy_qemu: not-affected (uses system libslirp)
devel_qemu: not-affected (uses system libslirp)

Patches_libslirp:
 upstream: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/93e645e72a056ec0b2c16e0299fc5c6b94e4ca17 (v4.6.0)
 upstream: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/f13cad45b25d92760bb0ad67bec0300a4d7d5275 (v4.6.0)
 upstream: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/2eca0838eee1da96204545e22cdaed860d9d7c6c (v4.6.0)
 upstream: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/c9f314f6e315a5518432761fea864196a290f799 (regression fix)
upstream_libslirp: needs-triage
trusty_libslirp: ignored (out of standard support)
trusty/esm_libslirp: DNE
xenial_libslirp: ignored (out of standard support)
bionic_libslirp: DNE
focal_libslirp: released (4.1.0-2ubuntu2.2)
groovy_libslirp: released (4.3.1-1ubuntu0.1)
hirsute_libslirp: released (4.4.0-1ubuntu0.1)
impish_libslirp: released (4.4.0-1ubuntu0.21.10.1)
jammy_libslirp: released (4.6.1-1)
devel_libslirp: released (4.6.1-1)