Bug 1187366 - (CVE-2021-3595) VUL-1: CVE-2021-3595: qemu: slirp,libslirp: invalid pointer initialization may lead to information disclosure (tftp)
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Version: unspecified
Hardware: Other
OS: Other
Priority: P4 - Low
Severity: Minor
Assigned To: José Ricardo Ziviani
Security Team bot
https://smash.suse.de/issue/302308/
CVSSv3.1:SUSE:CVE-2021-3595:3.8:(AV:L...
Depends on: 1198773
Reported: 2021-06-15 16:13 UTC by Gianluca Gabrielli
Modified: 2023-01-11 15:38 UTC (History)

Found By: Security Response Team
gianluca.gabrielli: needinfo? (jose.ziviani)


Description Gianluca Gabrielli 2021-06-15 16:13:43 UTC
An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The function tftp_input() handles requests for the TFTP protocol from the guest. While processing a UDP packet that is smaller than the size of the tftp_t structure, it uses memory from outside the working mbuf buffer. This issue may lead to out-of-bounds read access or indirect memory disclosure to the guest.

Upstream commits:
https://gitlab.freedesktop.org/slirp/libslirp/-/commit/93e645e7
https://gitlab.freedesktop.org/slirp/libslirp/-/commit/3f179481
https://gitlab.freedesktop.org/slirp/libslirp/-/commit/990163cf

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1970489
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3595
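As an added illustration (not code from this bug report or from libslirp), a bounds-checked TFTP request parser showing the kind of check the description says tftp_input() lacked: every field read is limited by the received packet length, never by the size of the structure the packet is cast to. The struct and function names are assumptions, and the header layout is a simplified model of the real tftp_t.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed model of a TFTP request as a slirp-style tftp_input() sees it:
 * a 2-byte big-endian opcode, then (for RRQ/WRQ) a NUL-terminated filename
 * and a NUL-terminated mode. Names are assumptions, not libslirp's own. */
#define TFTP_RRQ 1
#define TFTP_WRQ 2
#define TFTP_HDR_LEN 2 /* bytes of fixed header a packet must at least carry */

struct tftp_req {
    int op;
    const char *filename;
    const char *mode;
};

/* Returns 0 on success, -1 when the packet is shorter than the header or a
 * string is not terminated inside the packet. A packet shorter than the
 * structure it would be cast to is rejected instead of being read past. */
int tftp_parse_request(const uint8_t *pkt, size_t len, struct tftp_req *out)
{
    if (len < TFTP_HDR_LEN)
        return -1;  /* runt packet: reading the opcode would leave the mbuf */
    out->op = (pkt[0] << 8) | pkt[1];
    if (out->op != TFTP_RRQ && out->op != TFTP_WRQ)
        return -1;  /* only request opcodes carry filename and mode */

    const uint8_t *p = pkt + TFTP_HDR_LEN, *end = pkt + len;
    const uint8_t *nul = memchr(p, '\0', (size_t)(end - p));
    if (!nul || nul == p)
        return -1;  /* filename missing or unterminated within the packet */
    out->filename = (const char *)p;
    p = nul + 1;
    nul = memchr(p, '\0', (size_t)(end - p));
    if (!nul || nul == p)
        return -1;  /* mode unterminated: strcmp() would run off the packet */
    out->mode = (const char *)p;
    return 0;
}

int main(void)
{
    /* Constructed sample: RRQ for "a.txt" in "octet" mode. */
    const uint8_t rrq[] = {0, 1, 'a', '.', 't', 'x', 't', 0,
                           'o', 'c', 't', 'e', 't', 0};
    struct tftp_req r;
    return tftp_parse_request(rrq, sizeof rrq, &r) == 0 ? 0 : 1;
}
```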
Comment 1 Gianluca Gabrielli 2021-06-15 16:15:01 UTC
Affected packages:
 - SUSE:SLE-12-SP2:Update/qemu     2.6.2
 - SUSE:SLE-12-SP3:Update/qemu     2.9.1
 - SUSE:SLE-12-SP4:Update/qemu     2.11.2
 - SUSE:SLE-12-SP5:Update/qemu     3.1.1.1
 - SUSE:SLE-15-SP1:Update/qemu     3.1.1.1
 - SUSE:SLE-15-SP2:Update/qemu     4.2.1
 - SUSE:SLE-15-SP3:Update/qemu     5.2.0
 - SUSE:SLE-15:Update/qemu         2.11.2
 - openSUSE:Factory/qemu           6.0.0

Upstream patch [0] (same as bsc#1187364), specifically this commit [1].

[0] https://gitlab.freedesktop.org/slirp/libslirp/-/commit/a5c9699712ed25c4b96d448e0977f7108cb0ebf5.patch
[1] https://gitlab.freedesktop.org/slirp/libslirp/-/commit/990163cf3ac86b7875559f49602c4d76f46f6f30.patch
Comment 4 Swamp Workflow Management 2021-07-21 13:28:22 UTC
SUSE-SU-2021:2428-1: An update that fixes 5 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1187364,1187365,1187366,1187367,1187529
CVE References: CVE-2021-3592,CVE-2021-3593,CVE-2021-3594,CVE-2021-3595,CVE-2021-3611
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP2-BCL (src):    qemu-2.6.2-41.68.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 5 Swamp Workflow Management 2021-07-22 13:17:47 UTC
SUSE-SU-2021:2448-1: An update that solves 8 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1185591,1187364,1187365,1187366,1187367,1187499,1187529,1187538,1187539
CVE References: CVE-2021-3582,CVE-2021-3592,CVE-2021-3593,CVE-2021-3594,CVE-2021-3595,CVE-2021-3607,CVE-2021-3608,CVE-2021-3611
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP5 (src):    qemu-3.1.1.1-54.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 6 Swamp Workflow Management 2021-07-23 13:19:00 UTC
SUSE-SU-2021:2461-1: An update that fixes 5 vulnerabilities is now available.

Category: security (important)
Bug References: 1187364,1187365,1187366,1187367,1187529
CVE References: CVE-2021-3592,CVE-2021-3593,CVE-2021-3594,CVE-2021-3595,CVE-2021-3611
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src):    qemu-2.11.2-9.49.1
SUSE Linux Enterprise Server 15-LTSS (src):    qemu-2.11.2-9.49.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    qemu-2.11.2-9.49.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    qemu-2.11.2-9.49.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 8 Swamp Workflow Management 2021-07-27 13:18:09 UTC
SUSE-SU-2021:2474-1: An update that fixes 8 vulnerabilities is now available.

Category: security (important)
Bug References: 1187364,1187365,1187366,1187367,1187499,1187529,1187538,1187539
CVE References: CVE-2021-3582,CVE-2021-3592,CVE-2021-3593,CVE-2021-3594,CVE-2021-3595,CVE-2021-3607,CVE-2021-3608,CVE-2021-3611
JIRA References: 
Sources used:
SUSE MicroOS 5.0 (src):    qemu-4.2.1-11.25.2
SUSE Linux Enterprise Module for Server Applications 15-SP2 (src):    qemu-4.2.1-11.25.2
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src):    qemu-4.2.1-11.25.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 9 Swamp Workflow Management 2021-07-27 13:21:19 UTC
openSUSE-SU-2021:2474-1: An update that fixes 8 vulnerabilities is now available.

Category: security (important)
Bug References: 1187364,1187365,1187366,1187367,1187499,1187529,1187538,1187539
CVE References: CVE-2021-3582,CVE-2021-3592,CVE-2021-3593,CVE-2021-3594,CVE-2021-3595,CVE-2021-3607,CVE-2021-3608,CVE-2021-3611
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    qemu-4.2.1-11.25.2
Comment 10 Swamp Workflow Management 2021-07-28 10:18:51 UTC
SUSE-SU-2021:2546-1: An update that fixes 5 vulnerabilities is now available.

Category: security (important)
Bug References: 1187364,1187365,1187366,1187367,1187529
CVE References: CVE-2021-3592,CVE-2021-3593,CVE-2021-3594,CVE-2021-3595,CVE-2021-3611
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    qemu-2.11.2-5.35.1
SUSE OpenStack Cloud 9 (src):    qemu-2.11.2-5.35.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    qemu-2.11.2-5.35.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    qemu-2.11.2-5.35.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 11 Swamp Workflow Management 2021-07-29 16:17:34 UTC
SUSE-SU-2021:2563-1: An update that fixes 5 vulnerabilities is now available.

Category: security (important)
Bug References: 1187364,1187365,1187366,1187367,1187529
CVE References: CVE-2021-3592,CVE-2021-3593,CVE-2021-3594,CVE-2021-3595,CVE-2021-3611
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 8 (src):    qemu-2.9.1-6.53.1
SUSE OpenStack Cloud 8 (src):    qemu-2.9.1-6.53.1
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    qemu-2.9.1-6.53.1
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    qemu-2.9.1-6.53.1
SUSE Linux Enterprise Server 12-SP3-BCL (src):    qemu-2.9.1-6.53.1
HPE Helion Openstack 8 (src):    qemu-2.9.1-6.53.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 12 Swamp Workflow Management 2021-08-02 16:18:24 UTC
openSUSE-SU-2021:2591-1: An update that solves 9 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1176681,1185591,1186290,1187364,1187365,1187366,1187367,1187499,1187529,1187538,1187539
CVE References: CVE-2020-25085,CVE-2021-3582,CVE-2021-3592,CVE-2021-3593,CVE-2021-3594,CVE-2021-3595,CVE-2021-3607,CVE-2021-3608,CVE-2021-3611
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    qemu-3.1.1.1-9.30.2
Comment 13 Swamp Workflow Management 2021-08-02 16:20:42 UTC
SUSE-SU-2021:2591-1: An update that solves 9 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1176681,1185591,1186290,1187364,1187365,1187366,1187367,1187499,1187529,1187538,1187539
CVE References: CVE-2020-25085,CVE-2021-3582,CVE-2021-3592,CVE-2021-3593,CVE-2021-3594,CVE-2021-3595,CVE-2021-3607,CVE-2021-3608,CVE-2021-3611
JIRA References: 
Sources used:
SUSE Manager Server 4.0 (src):    qemu-3.1.1.1-9.30.2
SUSE Manager Retail Branch Server 4.0 (src):    qemu-3.1.1.1-9.30.2
SUSE Manager Proxy 4.0 (src):    qemu-3.1.1.1-9.30.2
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    qemu-3.1.1.1-9.30.2
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    qemu-3.1.1.1-9.30.2
SUSE Linux Enterprise Server 15-SP1-BCL (src):    qemu-3.1.1.1-9.30.2
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    qemu-3.1.1.1-9.30.2
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    qemu-3.1.1.1-9.30.2
SUSE Enterprise Storage 6 (src):    qemu-3.1.1.1-9.30.2
SUSE CaaS Platform 4.0 (src):    qemu-3.1.1.1-9.30.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 14 Gianluca Gabrielli 2021-08-12 16:19:07 UTC
Hi Ralf,

can you please patch SUSE:SLE-15-SP3:Update/libslirp, which is also affected? openSUSE:Factory/libslirp is already patched.

Thanks
Comment 15 Swamp Workflow Management 2021-08-26 19:17:26 UTC
openSUSE-SU-2021:1202-1: An update that fixes 15 vulnerabilities is now available.

Category: security (important)
Bug References: 1180432,1180433,1180434,1180435,1182651,1186012,1187364,1187365,1187366,1187367,1187499,1187529,1187538,1187539,1189145
CVE References: CVE-2020-35503,CVE-2020-35504,CVE-2020-35505,CVE-2020-35506,CVE-2021-20255,CVE-2021-3527,CVE-2021-3582,CVE-2021-3592,CVE-2021-3593,CVE-2021-3594,CVE-2021-3595,CVE-2021-3607,CVE-2021-3608,CVE-2021-3611,CVE-2021-3682
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    qemu-4.2.1-lp152.9.20.1, qemu-linux-user-4.2.1-lp152.9.20.1, qemu-testsuite-4.2.1-lp152.9.20.1
Comment 16 Gianluca Gabrielli 2022-02-21 15:01:47 UTC
(In reply to José Ricardo Ziviani from comment #7)
> Basically the same comment I did in 1187364 applies here. I backported the
> fix except to 15-SP3 and Factory because I understand that is another team
> taking care of it.

There is still a missing submission for qemu. Could you please submit the patch to:
 - SUSE:SLE-15-SP3:Update

@Coldpool: can you please submit the patch for SUSE:SLE-15-SP3:Update/libslirp ?
Comment 17 Petr Gajdos 2022-02-23 09:04:16 UTC
15sp3/libslirp submitted.
Comment 20 Gianluca Gabrielli 2022-03-02 11:15:32 UTC
(In reply to Petr Gajdos from comment #19)
> https://bugzilla.suse.com/show_bug.cgi?id=1187367#c23

right, thanks!
Comment 21 Swamp Workflow Management 2022-04-22 19:29:14 UTC
SUSE-SU-2022:1314-1: An update that fixes three vulnerabilities is now available.

Category: security (low)
Bug References: 1187364,1187366,1187367
CVE References: CVE-2021-3592,CVE-2021-3594,CVE-2021-3595
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    libslirp-4.3.1-150300.3.3.1
openSUSE Leap 15.3 (src):    libslirp-4.3.1-150300.3.3.1
SUSE Linux Enterprise Module for Server Applications 15-SP3 (src):    libslirp-4.3.1-150300.3.3.1
SUSE Linux Enterprise Micro 5.1 (src):    libslirp-4.3.1-150300.3.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 22 Swamp Workflow Management 2022-04-29 13:18:07 UTC
SUSE-SU-2022:1465-1: An update that solves three vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1187364,1187366,1187367,1198773
CVE References: CVE-2021-3592,CVE-2021-3594,CVE-2021-3595
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    libslirp-4.3.1-150300.2.7.1
openSUSE Leap 15.3 (src):    libslirp-4.3.1-150300.2.7.1
SUSE Linux Enterprise Module for Server Applications 15-SP4 (src):    libslirp-4.3.1-150300.2.7.1
SUSE Linux Enterprise Module for Server Applications 15-SP3 (src):    libslirp-4.3.1-150300.2.7.1
SUSE Linux Enterprise Micro 5.2 (src):    libslirp-4.3.1-150300.2.7.1
SUSE Linux Enterprise Micro 5.1 (src):    libslirp-4.3.1-150300.2.7.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 23 Swamp Workflow Management 2022-05-18 19:18:16 UTC
SUSE-SU-2022:1730-1: An update that solves three vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1187364,1187366,1187367,1198773
CVE References: CVE-2021-3592,CVE-2021-3594,CVE-2021-3595
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    libslirp-4.3.1-150300.6.2
openSUSE Leap 15.3 (src):    libslirp-4.3.1-150300.6.2
SUSE Linux Enterprise Module for Server Applications 15-SP4 (src):    libslirp-4.3.1-150300.6.2
SUSE Linux Enterprise Module for Server Applications 15-SP3 (src):    libslirp-4.3.1-150300.6.2
SUSE Linux Enterprise Micro 5.2 (src):    libslirp-4.3.1-150300.6.2
SUSE Linux Enterprise Micro 5.1 (src):    libslirp-4.3.1-150300.6.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 24 Hu 2023-01-11 15:38:52 UTC
done, fixed