Bug 1221926 (CVE-2024-30161)

Summary:	VUL-0: CVE-2024-30161: libqt4,libqt5-qtbase,qt3,qt6-base: wasm component may access QNetworkReply header data via a dangling pointer
Product:	[Novell Products] SUSE Security Incidents	Reporter:	SMASH SMASH <smash_bz>
Component:	Incidents	Assignee:	Antonio Larrosa <alarrosa>
Status:	IN_PROGRESS ---	QA Contact:	Security Team bot <security-team>
Severity:	Normal
Priority:	P3 - Medium	CC:	andrea.mattiazzo
Version:	unspecified
Target Milestone:	---
Hardware:	Other
OS:	Other
URL:	https://smash.suse.de/issue/398745/
Whiteboard:	CVSSv3.1:SUSE:CVE-2024-30161:6.5:(AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
Found By:	Security Response Team	Services Priority:
Business Priority:		Blocker:	---
Marketing QA Status:	---	IT Deployment:	---

Description SMASH SMASH 2024-03-25 14:50:57 UTC

In Qt before 6.5.6 and 6.6.x before 6.6.3, the wasm component may access QNetworkReply header data via a dangling pointer.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-30161
https://www.cve.org/CVERecord?id=CVE-2024-30161
https://codereview.qt-project.org/c/qt/qtbase/+/544314
https://bugreports.qt.io/browse/QTBUG-122893

Patch:
https://codereview.qt-project.org/gitweb?p=qt%2Fqtbase.git;a=commit;h=a5b00cefef12999e9a213943855abe6bc0ab5365

Comment 3 Antonio Larrosa 2024-03-27 19:15:18 UTC

I submitted Qt6 6.6.3 to SLE15-SP6 (which includes the patch for this issue in [1]) and also backported the patch to SLE15-SP5's Qt 6.4.2 and submitted it in [2].

[1] https://build.suse.de/request/show/324977 
[2] https://build.suse.de/request/show/324987

Comment 4 Andrea Mattiazzo 2024-03-29 13:32:29 UTC

Thanks Antonio.

Considering not affected libqt5 since function emscripten_fetch() is called directly in the worker, not in a separate async thread, so the behavior is the similar as the patched code.

Comment 5 Maintenance Automation 2024-04-09 12:30:07 UTC

SUSE-SU-2024:1174-1: An update that solves one vulnerability can now be installed.

Category: security (moderate)
Bug References: 1221926
CVE References: CVE-2024-30161
Maintenance Incident: [SUSE:Maintenance:33152](https://smelt.suse.de/incident/33152/)
Sources used:
SUSE Package Hub 15 15-SP5 (src):
 qt6-base-6.4.2-150500.3.17.1
openSUSE Leap 15.5 (src):
 qt6-base-docs-6.4.2-150500.3.17.1, qt6-base-6.4.2-150500.3.17.1
Desktop Applications Module 15-SP5 (src):
 qt6-base-6.4.2-150500.3.17.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.