Bug 1187369 - VUL-1: CVE-2021-3592: xen: slirp: invalid pointer initialization may lead to information disclosure (bootp)
Status: RESOLVED FIXED
Alias: None
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Importance: P4 - Low : Minor
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/302307/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2021-06-15 16:40 UTC by Gianluca Gabrielli
Modified: 2022-05-20 16:05 UTC

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Description Gianluca Gabrielli 2021-06-15 16:40:58 UTC
+++ This bug was initially created as a clone of Bug #1187364 +++

An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The function bootp_input() in src/bootp.c handles requests for the bootp protocol from the guest. While processing a UDP packet that is smaller than the size of the bootp_t structure (548 bytes), it uses memory from outside the working mbuf buffer. This may lead to the leakage of 10 bytes of uninitialized heap memory to the guest.

Upstream commits:
https://gitlab.freedesktop.org/slirp/libslirp/-/commit/93e645e7
https://gitlab.freedesktop.org/slirp/libslirp/-/commit/f13cad45
https://gitlab.freedesktop.org/slirp/libslirp/-/commit/2eca0838

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1970484
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3592
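
The length check whose absence the description above reports, as an added example that is not part of the original report and is not libslirp's code. `struct bootp_msg`, `struct pkt_buf`, `buf_at_least()` and `handle_bootp()` are hypothetical names; the struct is a simplified model sized to the 548 bytes quoted above, and the sample datagram is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Simplified BOOTP message model (standard field layout, not libslirp's struct). */
struct bootp_msg {
    uint8_t  op, htype, hlen, hops;
    uint32_t xid;
    uint16_t secs, flags;
    uint32_t ciaddr, yiaddr, siaddr, giaddr;
    uint8_t  hwaddr[16], sname[64], file[128], vend[312];
};
_Static_assert(sizeof(struct bootp_msg) == 548, "model must match the 548-byte size");

/* Hypothetical stand-in for an mbuf: start of data plus the number of valid bytes. */
struct pkt_buf { const uint8_t *data; size_t len; };

enum { BOOTP_REQUEST = 1 };

/* Hand out the data pointer only when at least `need` bytes were actually received. */
static const void *buf_at_least(const struct pkt_buf *b, size_t need)
{
    if (b == NULL || b->data == NULL || b->len < need)
        return NULL;
    return b->data;
}

/* Returns 0 and stores the transaction id if accepted, -1 if the datagram is dropped. */
static int handle_bootp(const struct pkt_buf *b, uint32_t *xid_out)
{
    struct bootp_msg msg;
    const void *p = buf_at_least(b, sizeof msg);

    if (p == NULL)
        return -1;               /* short datagram: nothing beyond b->len is touched */
    memcpy(&msg, p, sizeof msg); /* copy out instead of casting; avoids alignment traps */
    if (msg.op != BOOTP_REQUEST)
        return -1;
    *xid_out = msg.xid;
    return 0;
}

int main(void)
{
    uint8_t raw[548] = { BOOTP_REQUEST };          /* constructed sample datagram */
    struct pkt_buf full = { raw, sizeof raw }, cut = { raw, 300 };
    uint32_t xid = 0;
    return !(handle_bootp(&full, &xid) == 0 && handle_bootp(&cut, &xid) == -1);
}
```

The point of the pattern is that the handler never forms a structure pointer over a buffer it has not measured first, so a truncated request is dropped before any field, including the vendor area at the end of the structure, is read.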
Comment 1 Gianluca Gabrielli 2021-06-15 16:47:23 UTC
Affected packages:
 - SUSE:SLE-11-SP1:Update:Teradata/xen     4.0.3_21548_20
 - SUSE:SLE-11-SP3:Update/xen              4.2.5_22
 - SUSE:SLE-11-SP3:Update:Teradata/xen     4.2.5_26
 - SUSE:SLE-11-SP4:Update/xen              4.4.4_48
 - SUSE:SLE-12-SP2:Update/xen              4.7.6_14
 - SUSE:SLE-12-SP3:Update/xen              4.9.4_18
 - SUSE:SLE-12-SP4:Update/xen              4.11.4_18
 - SUSE:SLE-12-SP5:Update/xen              4.12.4_10

Upstream patch [0], specifically this commit [1].

[0] https://gitlab.freedesktop.org/slirp/libslirp/-/commit/a5c9699712ed25c4b96d448e0977f7108cb0ebf5.patch
[1] https://gitlab.freedesktop.org/slirp/libslirp/-/commit/2eca0838eee1da96204545e22cdaed860d9d7c6c.patch
Comment 5 Swamp Workflow Management 2021-09-02 13:42:53 UTC
# maintenance_jira_update_notice
SUSE-SU-2021:2924-1: An update that solves 15 vulnerabilities and has 6 fixes is now available.

Category: security (important)
Bug References: 1027519,1179246,1180491,1180846,1182654,1183243,1185682,1186428,1186429,1186433,1186434,1187369,1187376,1187378,1188050,1189373,1189376,1189378,1189380,1189381,1189882
CVE References: CVE-2021-0089,CVE-2021-20255,CVE-2021-28690,CVE-2021-28692,CVE-2021-28693,CVE-2021-28694,CVE-2021-28695,CVE-2021-28696,CVE-2021-28697,CVE-2021-28698,CVE-2021-28699,CVE-2021-28700,CVE-2021-3592,CVE-2021-3594,CVE-2021-3595
JIRA References: 
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    xen-4.12.4_12-3.49.1
SUSE Linux Enterprise Server 12-SP5 (src):    xen-4.12.4_12-3.49.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 6 Swamp Workflow Management 2021-09-03 16:29:44 UTC
# maintenance_jira_update_notice
SUSE-SU-2021:2955-1: An update that fixes 14 vulnerabilities is now available.

Category: security (important)
Bug References: 1181254,1182654,1186429,1186433,1186434,1187369,1187376,1187378,1189373,1189376,1189378,1189380,1189882
CVE References: CVE-2021-0089,CVE-2021-20255,CVE-2021-28690,CVE-2021-28692,CVE-2021-28694,CVE-2021-28695,CVE-2021-28696,CVE-2021-28697,CVE-2021-28698,CVE-2021-28699,CVE-2021-3308,CVE-2021-3592,CVE-2021-3594,CVE-2021-3595
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    xen-4.11.4_20-2.60.1
SUSE OpenStack Cloud 9 (src):    xen-4.11.4_20-2.60.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    xen-4.11.4_20-2.60.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    xen-4.11.4_20-2.60.1

Comment 7 Swamp Workflow Management 2021-09-06 13:17:14 UTC
# maintenance_jira_update_notice
SUSE-SU-2021:2957-1: An update that fixes 13 vulnerabilities is now available.

Category: security (important)
Bug References: 1182654,1186429,1186433,1186434,1187369,1187376,1187378,1189373,1189376,1189378,1189380,1189882
CVE References: CVE-2021-0089,CVE-2021-20255,CVE-2021-28690,CVE-2021-28692,CVE-2021-28694,CVE-2021-28695,CVE-2021-28696,CVE-2021-28697,CVE-2021-28698,CVE-2021-28699,CVE-2021-3592,CVE-2021-3594,CVE-2021-3595
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 8 (src):    xen-4.9.4_20-3.91.1
SUSE OpenStack Cloud 8 (src):    xen-4.9.4_20-3.91.1
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    xen-4.9.4_20-3.91.1
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    xen-4.9.4_20-3.91.1
SUSE Linux Enterprise Server 12-SP3-BCL (src):    xen-4.9.4_20-3.91.1
HPE Helion Openstack 8 (src):    xen-4.9.4_20-3.91.1

Comment 9 Swamp Workflow Management 2021-10-07 22:17:09 UTC
SUSE-SU-2021:3322-1: An update that fixes 13 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1182654,1186429,1186433,1186434,1187369,1187376,1187378,1189373,1189376,1189378,1189632,1189882
CVE References: CVE-2021-0089,CVE-2021-20255,CVE-2021-28690,CVE-2021-28692,CVE-2021-28694,CVE-2021-28695,CVE-2021-28696,CVE-2021-28697,CVE-2021-28698,CVE-2021-28701,CVE-2021-3592,CVE-2021-3594,CVE-2021-3595
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP2-BCL (src):    xen-4.7.6_16-43.79.5

Comment 11 Swamp Workflow Management 2021-12-01 21:06:51 UTC
SUSE-SU-2021:14848-1: An update that fixes 17 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1182654,1186013,1186429,1186433,1186434,1187369,1187376,1187378,1189150,1189376,1189378,1189632,1192526,1192554,1192555,1192559
CVE References: CVE-2021-0089,CVE-2021-20255,CVE-2021-28690,CVE-2021-28692,CVE-2021-28697,CVE-2021-28698,CVE-2021-28701,CVE-2021-28703,CVE-2021-28705,CVE-2021-28706,CVE-2021-28709,CVE-2021-3527,CVE-2021-3592,CVE-2021-3594,CVE-2021-3595,CVE-2021-3682,CVE-2021-3930
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 11-SP4-LTSS (src):    xen-4.4.4_50-61.67.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    xen-4.4.4_50-61.67.1
