Bugzilla – Bug 1187369
VUL-1: CVE-2021-3592: xen: slirp: invalid pointer initialization may lead to information disclosure (bootp)
Last modified: 2022-05-20 16:05:31 UTC
+++ This bug was initially created as a clone of Bug #1187364 +++ An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The function bootp_input() in src/bootp.c handles requests for the bootp protocol from the guest. While processing a udp packet that is smaller than the size of the bootp_t structure (548 bytes) it uses memory from outside the working mbuf buffer. This may lead to the leakage of 10 bytes of uninitialized heap memory to the guest. Upstream commits: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/93e645e7 https://gitlab.freedesktop.org/slirp/libslirp/-/commit/f13cad45 https://gitlab.freedesktop.org/slirp/libslirp/-/commit/2eca0838 References: https://bugzilla.redhat.com/show_bug.cgi?id=1970484 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3592
Affected packages: - SUSE:SLE-11-SP1:Update:Teradata/xen 4.0.3_21548_20 - SUSE:SLE-11-SP3:Update/xen 4.2.5_22 - SUSE:SLE-11-SP3:Update:Teradata/xen 4.2.5_26 - SUSE:SLE-11-SP4:Update/xen 4.4.4_48 - SUSE:SLE-12-SP2:Update/xen 4.7.6_14 - SUSE:SLE-12-SP3:Update/xen 4.9.4_18 - SUSE:SLE-12-SP4:Update/xen 4.11.4_18 - SUSE:SLE-12-SP5:Update/xen 4.12.4_10 Upstream patch [0], specifically this commit [1]. [0] https://gitlab.freedesktop.org/slirp/libslirp/-/commit/a5c9699712ed25c4b96d448e0977f7108cb0ebf5.patch [1] https://gitlab.freedesktop.org/slirp/libslirp/-/commit/2eca0838eee1da96204545e22cdaed860d9d7c6c.patch
# maintenance_jira_update_notice SUSE-SU-2021:2924-1: An update that solves 15 vulnerabilities and has 6 fixes is now available. Category: security (important) Bug References: 1027519,1179246,1180491,1180846,1182654,1183243,1185682,1186428,1186429,1186433,1186434,1187369,1187376,1187378,1188050,1189373,1189376,1189378,1189380,1189381,1189882 CVE References: CVE-2021-0089,CVE-2021-20255,CVE-2021-28690,CVE-2021-28692,CVE-2021-28693,CVE-2021-28694,CVE-2021-28695,CVE-2021-28696,CVE-2021-28697,CVE-2021-28698,CVE-2021-28699,CVE-2021-28700,CVE-2021-3592,CVE-2021-3594,CVE-2021-3595 JIRA References: Sources used: SUSE Linux Enterprise Software Development Kit 12-SP5 (src): xen-4.12.4_12-3.49.1 SUSE Linux Enterprise Server 12-SP5 (src): xen-4.12.4_12-3.49.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
# maintenance_jira_update_notice SUSE-SU-2021:2955-1: An update that fixes 14 vulnerabilities is now available. Category: security (important) Bug References: 1181254,1182654,1186429,1186433,1186434,1187369,1187376,1187378,1189373,1189376,1189378,1189380,1189882 CVE References: CVE-2021-0089,CVE-2021-20255,CVE-2021-28690,CVE-2021-28692,CVE-2021-28694,CVE-2021-28695,CVE-2021-28696,CVE-2021-28697,CVE-2021-28698,CVE-2021-28699,CVE-2021-3308,CVE-2021-3592,CVE-2021-3594,CVE-2021-3595 JIRA References: Sources used: SUSE OpenStack Cloud Crowbar 9 (src): xen-4.11.4_20-2.60.1 SUSE OpenStack Cloud 9 (src): xen-4.11.4_20-2.60.1 SUSE Linux Enterprise Server for SAP 12-SP4 (src): xen-4.11.4_20-2.60.1 SUSE Linux Enterprise Server 12-SP4-LTSS (src): xen-4.11.4_20-2.60.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
# maintenance_jira_update_notice SUSE-SU-2021:2957-1: An update that fixes 13 vulnerabilities is now available. Category: security (important) Bug References: 1182654,1186429,1186433,1186434,1187369,1187376,1187378,1189373,1189376,1189378,1189380,1189882 CVE References: CVE-2021-0089,CVE-2021-20255,CVE-2021-28690,CVE-2021-28692,CVE-2021-28694,CVE-2021-28695,CVE-2021-28696,CVE-2021-28697,CVE-2021-28698,CVE-2021-28699,CVE-2021-3592,CVE-2021-3594,CVE-2021-3595 JIRA References: Sources used: SUSE OpenStack Cloud Crowbar 8 (src): xen-4.9.4_20-3.91.1 SUSE OpenStack Cloud 8 (src): xen-4.9.4_20-3.91.1 SUSE Linux Enterprise Server for SAP 12-SP3 (src): xen-4.9.4_20-3.91.1 SUSE Linux Enterprise Server 12-SP3-LTSS (src): xen-4.9.4_20-3.91.1 SUSE Linux Enterprise Server 12-SP3-BCL (src): xen-4.9.4_20-3.91.1 HPE Helion Openstack 8 (src): xen-4.9.4_20-3.91.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:3322-1: An update that fixes 13 vulnerabilities is now available. Category: security (moderate) Bug References: 1182654,1186429,1186433,1186434,1187369,1187376,1187378,1189373,1189376,1189378,1189632,1189882 CVE References: CVE-2021-0089,CVE-2021-20255,CVE-2021-28690,CVE-2021-28692,CVE-2021-28694,CVE-2021-28695,CVE-2021-28696,CVE-2021-28697,CVE-2021-28698,CVE-2021-28701,CVE-2021-3592,CVE-2021-3594,CVE-2021-3595 JIRA References: Sources used: SUSE Linux Enterprise Server 12-SP2-BCL (src): xen-4.7.6_16-43.79.5 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:14848-1: An update that fixes 17 vulnerabilities is now available. Category: security (moderate) Bug References: 1182654,1186013,1186429,1186433,1186434,1187369,1187376,1187378,1189150,1189376,1189378,1189632,1192526,1192554,1192555,1192559 CVE References: CVE-2021-0089,CVE-2021-20255,CVE-2021-28690,CVE-2021-28692,CVE-2021-28697,CVE-2021-28698,CVE-2021-28701,CVE-2021-28703,CVE-2021-28705,CVE-2021-28706,CVE-2021-28709,CVE-2021-3527,CVE-2021-3592,CVE-2021-3594,CVE-2021-3595,CVE-2021-3682,CVE-2021-3930 JIRA References: Sources used: SUSE Linux Enterprise Server 11-SP4-LTSS (src): xen-4.4.4_50-61.67.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): xen-4.4.4_50-61.67.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.