Bugzilla – Bug 1187364
VUL-1: CVE-2021-3592: qemu,kvm,libslirp: slirp: invalid pointer initialization may lead to information disclosure (bootp)
Last modified: 2023-08-04 11:22:00 UTC
An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The function bootp_input() in src/bootp.c handles requests for the bootp protocol from the guest. While processing a UDP packet that is smaller than the size of the bootp_t structure (548 bytes) it uses memory from outside the working mbuf buffer. This may lead to the leakage of 10 bytes of uninitialized heap memory to the guest.
Upstream commits:
https://gitlab.freedesktop.org/slirp/libslirp/-/commit/93e645e7
https://gitlab.freedesktop.org/slirp/libslirp/-/commit/f13cad45
https://gitlab.freedesktop.org/slirp/libslirp/-/commit/2eca0838
References:
https://bugzilla.redhat.com/show_bug.cgi?id=1970484
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3592
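A simplified model of the length check whose absence is described above, as an added example (not libslirp's or QEMU's code): the handler drops any request with fewer valid bytes than the 548-byte structure before reading a single field. `struct bootp_msg`, `struct pkt`, `bootp_handle` and `demo` are hypothetical names, and the field layout follows RFC 951 with a 312-byte vendor area rather than libslirp's own `bootp_t`.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* BOOTP message per RFC 951 with a 312-byte vendor area: 548 bytes.
 * Modelled for illustration; this is not libslirp's struct bootp_t. */
struct bootp_msg {
    uint8_t  op, htype, hlen, hops;
    uint32_t xid;
    uint16_t secs, flags;
    uint32_t ciaddr, yiaddr, siaddr, giaddr;
    uint8_t  chaddr[16], sname[64], file[128], vend[312];
};
_Static_assert(sizeof(struct bootp_msg) == 548, "unexpected padding");

/* Hypothetical stand-in for an mbuf: payload pointer plus valid byte count. */
struct pkt { const uint8_t *data; size_t len; };

/* Echo xid and hardware address into a reply. Returns 0, or -1 when the
 * request holds fewer valid bytes than the structure (packet is dropped). */
int bootp_handle(const struct pkt *req, struct bootp_msg *reply)
{
    struct bootp_msg in;

    if (!req->data || req->len < sizeof in)
        return -1;                     /* short packet: read nothing */
    memcpy(&in, req->data, sizeof in); /* all bytes lie inside the packet */

    memset(reply, 0, sizeof *reply);
    reply->op = 2;                     /* BOOTREPLY */
    reply->xid = in.xid;
    memcpy(reply->chaddr, in.chaddr, 6);
    return 0;
}

/* Constructed sample request with `len` valid bytes. Returns -1 if dropped,
 * 1 if the reply echoes xid and hardware address, 0 otherwise. */
int demo(size_t len)
{
    struct bootp_msg src = { .op = 1, .xid = 0x1234abcd,
                             .chaddr = { 0x52, 0x54, 0x00, 0x12, 0x34, 0x56 } };
    struct pkt req = { (const uint8_t *)&src, len };
    struct bootp_msg reply;

    if (bootp_handle(&req, &reply) != 0)
        return -1;
    return reply.op == 2 && reply.xid == src.xid &&
           memcmp(reply.chaddr, src.chaddr, 6) == 0;
}
```

Copying into a local structure only after the length test also avoids dereferencing a cast pointer into a buffer that may be shorter or misaligned.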
Affected packages:
- SUSE:SLE-11-SP1:Update/kvm 0.12.5
- SUSE:SLE-11-SP3:Update/kvm 1.4.2
- SUSE:SLE-11-SP4:Update/kvm 1.4.2
- SUSE:SLE-12-SP2:Update/qemu 2.6.2
- SUSE:SLE-12-SP3:Update/qemu 2.9.1
- SUSE:SLE-12-SP4:Update/qemu 2.11.2
- SUSE:SLE-12-SP5:Update/qemu 3.1.1.1
- SUSE:SLE-15-SP1:Update/qemu 3.1.1.1
- SUSE:SLE-15-SP2:Update/qemu 4.2.1
- SUSE:SLE-15-SP3:Update/qemu 5.2.0
- SUSE:SLE-15:Update/qemu 2.11.2
- openSUSE:Factory/qemu 6.0.0
Upstream patch [0].
[0] https://gitlab.freedesktop.org/slirp/libslirp/-/commit/a5c9699712ed25c4b96d448e0977f7108cb0ebf5.patch
SUSE-SU-2021:2428-1: An update that fixes 5 vulnerabilities is now available.
Category: security (moderate)
Bug References: 1187364,1187365,1187366,1187367,1187529
CVE References: CVE-2021-3592,CVE-2021-3593,CVE-2021-3594,CVE-2021-3595,CVE-2021-3611
JIRA References:
Sources used:
SUSE Linux Enterprise Server 12-SP2-BCL (src): qemu-2.6.2-41.68.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:2448-1: An update that solves 8 vulnerabilities and has one errata is now available.
Category: security (important)
Bug References: 1185591,1187364,1187365,1187366,1187367,1187499,1187529,1187538,1187539
CVE References: CVE-2021-3582,CVE-2021-3592,CVE-2021-3593,CVE-2021-3594,CVE-2021-3595,CVE-2021-3607,CVE-2021-3608,CVE-2021-3611
JIRA References:
Sources used:
SUSE Linux Enterprise Server 12-SP5 (src): qemu-3.1.1.1-54.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:2461-1: An update that fixes 5 vulnerabilities is now available.
Category: security (important)
Bug References: 1187364,1187365,1187366,1187367,1187529
CVE References: CVE-2021-3592,CVE-2021-3593,CVE-2021-3594,CVE-2021-3595,CVE-2021-3611
JIRA References:
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src): qemu-2.11.2-9.49.1
SUSE Linux Enterprise Server 15-LTSS (src): qemu-2.11.2-9.49.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src): qemu-2.11.2-9.49.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src): qemu-2.11.2-9.49.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:2474-1: An update that fixes 8 vulnerabilities is now available.
Category: security (important)
Bug References: 1187364,1187365,1187366,1187367,1187499,1187529,1187538,1187539
CVE References: CVE-2021-3582,CVE-2021-3592,CVE-2021-3593,CVE-2021-3594,CVE-2021-3595,CVE-2021-3607,CVE-2021-3608,CVE-2021-3611
JIRA References:
Sources used:
SUSE MicroOS 5.0 (src): qemu-4.2.1-11.25.2
SUSE Linux Enterprise Module for Server Applications 15-SP2 (src): qemu-4.2.1-11.25.2
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src): qemu-4.2.1-11.25.2
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2021:2474-1: An update that fixes 8 vulnerabilities is now available.
Category: security (important)
Bug References: 1187364,1187365,1187366,1187367,1187499,1187529,1187538,1187539
CVE References: CVE-2021-3582,CVE-2021-3592,CVE-2021-3593,CVE-2021-3594,CVE-2021-3595,CVE-2021-3607,CVE-2021-3608,CVE-2021-3611
JIRA References:
Sources used:
openSUSE Leap 15.3 (src): qemu-4.2.1-11.25.2
SUSE-SU-2021:2546-1: An update that fixes 5 vulnerabilities is now available.
Category: security (important)
Bug References: 1187364,1187365,1187366,1187367,1187529
CVE References: CVE-2021-3592,CVE-2021-3593,CVE-2021-3594,CVE-2021-3595,CVE-2021-3611
JIRA References:
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src): qemu-2.11.2-5.35.1
SUSE OpenStack Cloud 9 (src): qemu-2.11.2-5.35.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src): qemu-2.11.2-5.35.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src): qemu-2.11.2-5.35.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:2563-1: An update that fixes 5 vulnerabilities is now available.
Category: security (important)
Bug References: 1187364,1187365,1187366,1187367,1187529
CVE References: CVE-2021-3592,CVE-2021-3593,CVE-2021-3594,CVE-2021-3595,CVE-2021-3611
JIRA References:
Sources used:
SUSE OpenStack Cloud Crowbar 8 (src): qemu-2.9.1-6.53.1
SUSE OpenStack Cloud 8 (src): qemu-2.9.1-6.53.1
SUSE Linux Enterprise Server for SAP 12-SP3 (src): qemu-2.9.1-6.53.1
SUSE Linux Enterprise Server 12-SP3-LTSS (src): qemu-2.9.1-6.53.1
SUSE Linux Enterprise Server 12-SP3-BCL (src): qemu-2.9.1-6.53.1
HPE Helion Openstack 8 (src): qemu-2.9.1-6.53.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2021:2591-1: An update that solves 9 vulnerabilities and has two fixes is now available.
Category: security (important)
Bug References: 1176681,1185591,1186290,1187364,1187365,1187366,1187367,1187499,1187529,1187538,1187539
CVE References: CVE-2020-25085,CVE-2021-3582,CVE-2021-3592,CVE-2021-3593,CVE-2021-3594,CVE-2021-3595,CVE-2021-3607,CVE-2021-3608,CVE-2021-3611
JIRA References:
Sources used:
openSUSE Leap 15.3 (src): qemu-3.1.1.1-9.30.2
SUSE-SU-2021:2591-1: An update that solves 9 vulnerabilities and has two fixes is now available.
Category: security (important)
Bug References: 1176681,1185591,1186290,1187364,1187365,1187366,1187367,1187499,1187529,1187538,1187539
CVE References: CVE-2020-25085,CVE-2021-3582,CVE-2021-3592,CVE-2021-3593,CVE-2021-3594,CVE-2021-3595,CVE-2021-3607,CVE-2021-3608,CVE-2021-3611
JIRA References:
Sources used:
SUSE Manager Server 4.0 (src): qemu-3.1.1.1-9.30.2
SUSE Manager Retail Branch Server 4.0 (src): qemu-3.1.1.1-9.30.2
SUSE Manager Proxy 4.0 (src): qemu-3.1.1.1-9.30.2
SUSE Linux Enterprise Server for SAP 15-SP1 (src): qemu-3.1.1.1-9.30.2
SUSE Linux Enterprise Server 15-SP1-LTSS (src): qemu-3.1.1.1-9.30.2
SUSE Linux Enterprise Server 15-SP1-BCL (src): qemu-3.1.1.1-9.30.2
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src): qemu-3.1.1.1-9.30.2
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src): qemu-3.1.1.1-9.30.2
SUSE Enterprise Storage 6 (src): qemu-3.1.1.1-9.30.2
SUSE CaaS Platform 4.0 (src): qemu-3.1.1.1-9.30.2
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:14772-1: An update that fixes 8 vulnerabilities is now available.
Category: security (important)
Bug References: 1173612,1174386,1178683,1180523,1181933,1186473,1187364,1187367
CVE References: CVE-2020-11947,CVE-2020-15469,CVE-2020-15863,CVE-2020-25707,CVE-2021-20221,CVE-2021-3416,CVE-2021-3592,CVE-2021-3594
JIRA References:
Sources used:
SUSE Linux Enterprise Server 11-SP4-LTSS (src): kvm-1.4.2-60.37.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:14774-1: An update that solves 8 vulnerabilities and has one errata is now available.
Category: security (important)
Bug References: 1031692,1173612,1174386,1178683,1180523,1181933,1186473,1187364,1187367
CVE References: CVE-2020-11947,CVE-2020-15469,CVE-2020-15863,CVE-2020-25707,CVE-2021-20221,CVE-2021-3416,CVE-2021-3592,CVE-2021-3594
JIRA References:
Sources used:
SUSE Linux Enterprise Point of Sale 11-SP3 (src): kvm-1.4.2-53.41.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Hi Ralf, can you please patch SUSE:SLE-15-SP3:Update/libslirp which is also affected? While openSUSE:Factory/libslirp is already patched. Thanks
# maintenance_jira_update_notice
openSUSE-SU-2021:1202-1: An update that fixes 15 vulnerabilities is now available.
Category: security (important)
Bug References: 1180432,1180433,1180434,1180435,1182651,1186012,1187364,1187365,1187366,1187367,1187499,1187529,1187538,1187539,1189145
CVE References: CVE-2020-35503,CVE-2020-35504,CVE-2020-35505,CVE-2020-35506,CVE-2021-20255,CVE-2021-3527,CVE-2021-3582,CVE-2021-3592,CVE-2021-3593,CVE-2021-3594,CVE-2021-3595,CVE-2021-3607,CVE-2021-3608,CVE-2021-3611,CVE-2021-3682
JIRA References:
Sources used:
openSUSE Leap 15.2 (src): qemu-4.2.1-lp152.9.20.1, qemu-linux-user-4.2.1-lp152.9.20.1, qemu-testsuite-4.2.1-lp152.9.20.1
(In reply to José Ricardo Ziviani from comment #7)
> I backported the fixes to everything except SLE15-SP3 and Factory. I'm
> looking the package libslirp and it seems that other team is taking care of
> it, am I right?
There still is a missing submission for qemu. Could you please submit the patch to:
- SUSE:SLE-15-SP3:Update
@Coldpool: can you please submit the patch for SUSE:SLE-15-SP3:Update/libslirp?
15sp3/libslirp submitted.
Hey! So, are we fine with this now? Or is still something missing? I think we are, but I'd appreciate if you could double check that I haven't missed or misunderstood anything.
Hi Dario, I still can't see the SUSE:SLE-15-SP3:Update/qemu patch submission.
https://bugzilla.suse.com/show_bug.cgi?id=1187367#c23
(In reply to Petr Gajdos from comment #23)
> https://bugzilla.suse.com/show_bug.cgi?id=1187367#c23
Right, SUSE:SLE-15-SP3:Update/qemu submission not needed. Thanks
(In reply to Gianluca Gabrielli from comment #24)
> (In reply to Petr Gajdos from comment #23)
> > https://bugzilla.suse.com/show_bug.cgi?id=1187367#c23
>
> Right, SUSE:SLE-15-SP3:Update/qemu submission not needed. Thanks
>
Ok, great! So what's the procedure now? We close? We assign it back to someone of the security team or to one of your MLs?
Since this issue is assigned to you and your job is done, then you can reassign it back to security-team@suse.de. We keep monitoring the updates until they will be released, and if everything is OK, we'll proceed to close this issue. Thanks
(In reply to Gianluca Gabrielli from comment #26)
> Since this issue is assigned to you and your job is done, then you can
> reassign it back to security-team@suse.de.
>
Ok, done.
> We keep monitoring the updates
> until they will be released, and if everything is OK, we'll proceed to close
> this issue.
>
Right. As far as I can tell, we're not missing any MR either, on our (qemu/kvm) side, or are we?
(In reply to Dario Faggioli from comment #27)
> (In reply to Gianluca Gabrielli from comment #26)
> > Since this issue is assigned to you and your job is done, then you can
> > reassign it back to security-team@suse.de.
> >
> Ok, done.
Thank you.
> > We keep monitoring the updates
> > until they will be released, and if everything is OK, we'll proceed to close
> > this issue.
> >
> Right. As far as I can tell, we're not missing any MR either, on our
> (qemu/kvm) side, or are we?
Correct, as soon as RR#266342 [0] will be accepted (update released) I'll proceed to close this issue.
[0] https://build.suse.de/request/show/266342
SUSE-SU-2022:1314-1: An update that fixes three vulnerabilities is now available.
Category: security (low)
Bug References: 1187364,1187366,1187367
CVE References: CVE-2021-3592,CVE-2021-3594,CVE-2021-3595
JIRA References:
Sources used:
openSUSE Leap 15.4 (src): libslirp-4.3.1-150300.3.3.1
openSUSE Leap 15.3 (src): libslirp-4.3.1-150300.3.3.1
SUSE Linux Enterprise Module for Server Applications 15-SP3 (src): libslirp-4.3.1-150300.3.3.1
SUSE Linux Enterprise Micro 5.1 (src): libslirp-4.3.1-150300.3.3.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:1465-1: An update that solves three vulnerabilities and has one errata is now available.
Category: security (important)
Bug References: 1187364,1187366,1187367,1198773
CVE References: CVE-2021-3592,CVE-2021-3594,CVE-2021-3595
JIRA References:
Sources used:
openSUSE Leap 15.4 (src): libslirp-4.3.1-150300.2.7.1
openSUSE Leap 15.3 (src): libslirp-4.3.1-150300.2.7.1
SUSE Linux Enterprise Module for Server Applications 15-SP4 (src): libslirp-4.3.1-150300.2.7.1
SUSE Linux Enterprise Module for Server Applications 15-SP3 (src): libslirp-4.3.1-150300.2.7.1
SUSE Linux Enterprise Micro 5.2 (src): libslirp-4.3.1-150300.2.7.1
SUSE Linux Enterprise Micro 5.1 (src): libslirp-4.3.1-150300.2.7.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:1730-1: An update that solves three vulnerabilities and has one errata is now available.
Category: security (important)
Bug References: 1187364,1187366,1187367,1198773
CVE References: CVE-2021-3592,CVE-2021-3594,CVE-2021-3595
JIRA References:
Sources used:
openSUSE Leap 15.4 (src): libslirp-4.3.1-150300.6.2
openSUSE Leap 15.3 (src): libslirp-4.3.1-150300.6.2
SUSE Linux Enterprise Module for Server Applications 15-SP4 (src): libslirp-4.3.1-150300.6.2
SUSE Linux Enterprise Module for Server Applications 15-SP3 (src): libslirp-4.3.1-150300.6.2
SUSE Linux Enterprise Micro 5.2 (src): libslirp-4.3.1-150300.6.2
SUSE Linux Enterprise Micro 5.1 (src): libslirp-4.3.1-150300.6.2
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.