Bug 1187375 - VUL-1: CVE-2021-3593: xen: slirp: invalid pointer initialization may lead to information disclosure (udp6)
Summary: VUL-1: CVE-2021-3593: xen: slirp: invalid pointer initialization may lead to ...
Status: RESOLVED FIXED
Alias: None
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P5 - None : Minor
Target Milestone: ---
Assignee: Charles Arnold
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/302310/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2021-06-15 18:10 UTC by Gianluca Gabrielli
Modified: 2021-06-15 18:11 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Gianluca Gabrielli 2021-06-15 18:10:25 UTC 
+++ This bug was initially created as a clone of Bug #1187365 +++

An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The function udp6_input() handles requests for the udp protocol from the guest. While processing a udp packet that is smaller than the size of the udphdr structure it uses memory from outside the working mbuf buffer. This issue may lead to out of bound read access or indirect memory disclosure to the guest.

Upstream commits:
https://gitlab.freedesktop.org/slirp/libslirp/-/commit/93e645e7
https://gitlab.freedesktop.org/slirp/libslirp/-/commit/de71c15d

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1970487
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3593
Comment 1 Gianluca Gabrielli 2021-06-15 18:11:53 UTC 
None of our packages are affected.