PublicDateAtUSN: 2021-06-15 21:15:00 UTC
Candidate: CVE-2021-3594
PublicDate: 2021-06-15 21:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3594
 https://ubuntu.com/security/notices/USN-5009-1
 https://ubuntu.com/security/notices/USN-5010-1
 https://ubuntu.com/security/notices/USN-5009-2
Description:
 An invalid pointer initialization issue was found in the SLiRP networking
 implementation of QEMU. The flaw exists in the udp_input() function and
 could occur while processing a udp packet that is smaller than the size of
 the 'udphdr' structure. This issue may lead to out-of-bounds read access or
 indirect host memory disclosure to the guest. The highest threat from this
 vulnerability is to data confidentiality. This flaw affects libslirp
 versions prior to 4.6.0.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
 https://bugzilla.redhat.com/show_bug.cgi?id=1970491
 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989995
Priority: low
Discovered-by:
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N [3.8 LOW]

Patches_qemu:
upstream_qemu: needs-triage
trusty_qemu: ignored (out of standard support)
trusty/esm_qemu: needs-triage
xenial_qemu: ignored (end of standard support, was needs-triage)
esm-infra/xenial_qemu: needs-triage
bionic_qemu: released (1:2.11+dfsg-1ubuntu7.37)
focal_qemu: not-affected (uses system libslirp)
groovy_qemu: not-affected (uses system libslirp)
hirsute_qemu: not-affected (uses system libslirp)
impish_qemu: not-affected (uses system libslirp)
jammy_qemu: not-affected (uses system libslirp)
devel_qemu: not-affected (uses system libslirp)

Patches_libslirp:
 upstream: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/93e645e72a056ec0b2c16e0299fc5c6b94e4ca17 (v4.6.0)
 upstream: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/74572be49247c8c5feae7c6e0b50c4f569ca9824 (v4.6.0)
upstream_libslirp: needs-triage
trusty_libslirp: ignored (out of standard support)
trusty/esm_libslirp: DNE
xenial_libslirp: ignored (out of standard support)
bionic_libslirp: DNE
focal_libslirp: released (4.1.0-2ubuntu2.2)
groovy_libslirp: released (4.3.1-1ubuntu0.1)
hirsute_libslirp: released (4.4.0-1ubuntu0.1)
impish_libslirp: released (4.4.0-1ubuntu0.21.10.1)
jammy_libslirp: released (4.6.1-1)
devel_libslirp: released (4.6.1-1)