Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

Mageia Security Advisory: 2021-0480 - Libslirp Data Leak Issue

mageia
Calendar Grey October 20, 2021
Dist Mageia Esm H88
Critical patch released addressing libslirp vulnerabilities in Mageia 8. Flaws allow unauthorized guests to access host memory.
Invalid pointer initialization issues were found in the SLiRP networking implementation of QEMU

Summary

Invalid pointer initialization issues were found in the SLiRP networking implementation of QEMU.
In the bootp_input() function while processing a udp packet that is smaller than the size of the 'bootp_t' structure. A malicious guest could use this flaw to leak 10 bytes of uninitialized heap memory from the host. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0. (CVE-2021-3592)
In the udp6_input() function while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0. (CVE-2021-3593)
In the udp_input() function while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or indirect host memory dis...

Read the Full Advisory

References

- https://bugs.mageia.org/show_bug.cgi?id=29219

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/SGPQZFVJCFGDSISFXPCQTTBBD7QZLJKI/

- https://www.cve.org/CVERecord?id=CVE-2021-3592

- https://www.cve.org/CVERecord?id=CVE-2021-3593

- https://www.cve.org/CVERecord?id=CVE-2021-3594

- https://www.cve.org/CVERecord?id=CVE-2021-3595

Resolution

SRPMS

- 8/core/libslirp-4.4.0-1.1.mga8

Severity
critical
Lowest
Low
Medium
High
Critical

Publication date: 20 Oct 2021
URL: https://advisories.mageia.org/MGASA-2021-0480.html
Type: security
CVE: CVE-2021-3592, CVE-2021-3593, CVE-2021-3594, CVE-2021-3595

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here