Bug 1187375

Summary: VUL-1: CVE-2021-3593: xen: slirp: invalid pointer initialization may lead to information disclosure (udp6)
Product: [Novell Products] SUSE Security Incidents Reporter: Gianluca Gabrielli <gianluca.gabrielli>
Component: IncidentsAssignee: Charles Arnold <carnold>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Minor    
Priority: P5 - None CC: smash_bz
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/302310/
Whiteboard:
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Gianluca Gabrielli 2021-06-15 18:10:25 UTC 
+++ This bug was initially created as a clone of Bug #1187365 +++

An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The function udp6_input() handles requests for the udp protocol from the guest. While processing a udp packet that is smaller than the size of the udphdr structure it uses memory from outside the working mbuf buffer. This issue may lead to out of bound read access or indirect memory disclosure to the guest.

Upstream commits:
https://gitlab.freedesktop.org/slirp/libslirp/-/commit/93e645e7
https://gitlab.freedesktop.org/slirp/libslirp/-/commit/de71c15d

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1970487
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3593
Comment 1 Gianluca Gabrielli 2021-06-15 18:11:53 UTC 
None of our packages are affected.