SB2021062220 - Multiple vulnerabilities in Freedesktop libslirp

Description

This security bulletin contains information about 4 secuirty vulnerabilities.

1) Release of invalid pointer or reference (CVE-ID: CVE-2021-3595)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to invalid pointer initialization within the tftp_input() function while processing UDP packets in the SLiRP networking implementation of QEMU. A malicious guest could use this vulnerability to read host memory.

2) Release of invalid pointer or reference (CVE-ID: CVE-2021-3594)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to invalid pointer initialization within the udp_input() function while processing UDP packets in the SLiRP networking implementation of QEMU. A malicious guest could use this vulnerability to read host memory.

3) Release of invalid pointer or reference (CVE-ID: CVE-2021-3593)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to invalid pointer initialization within the udp6_input() function while processing UDP packets in the SLiRP networking implementation of QEMU. A malicious guest could use this vulnerability to read host memory.

4) Release of invalid pointer or reference (CVE-ID: CVE-2021-3592)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to invalid pointer initialization within the bootp_input() function while processing UDP packets in the SLiRP networking implementation of QEMU. A malicious guest could use this flaw to leak 10 bytes of uninitialized heap memory from the host.

Remediation

Install update from vendor's website.

References

• https://bugzilla.redhat.com/show_bug.cgi?id=1970489
• https://bugzilla.redhat.com/show_bug.cgi?id=1970491
• https://bugzilla.redhat.com/show_bug.cgi?id=1970487
• https://bugzilla.redhat.com/show_bug.cgi?id=1970484