Описание
tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access which can lead to a DoS or potential execute arbitrary code.
A heap buffer overflow issue was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the tcp_emu() routine while emulating IRC and other protocols. An attacker could use this flaw to crash the QEMU process on the host, resulting in a denial of service or potential execution of arbitrary code with privileges of the QEMU process.
Отчет
This issue affects user-mode or SLiRP networking implementation of the QEMU emulator. Though qemu-kvm package is built with SLiRP networking support, due to its limitations, it is not used by the virtual machine guests by default. This issue affects versions of the qemu-kvm package as shipped with Red Hat Enterprise Linux 5, 6, 7, 8 and Red Hat Enterprise Linux Advanced Virtualization 8. Future qemu-kvm package updates for Red Hat Enterprise Linux 6, 7, 8 and Red Hat Enterprise Linux Advanced Virtualization 8 may address this issue. Red Hat Enterprise Linux 5 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This issue is currently not planned to be addressed in its future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/. Red Hat OpenStack Platform:
- This flaw impacts KVM user-mode or SLIRP networking, which is not used in Red Hat OpenStack Platform. Although updating is recommended for affected versions (see below), Red Hat OpenStack Platform environments are not vulnerable.
Меры по смягчению последствий
This issue can only be resolved by applying updates. Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | kvm | Out of support scope | ||
| Red Hat Enterprise Linux 5 | xen | Not affected | ||
| Red Hat Enterprise Linux 7 | qemu-kvm-rhev | Affected | ||
| Red Hat Enterprise Linux 8 Advanced Virtualization | qemu-kvm | Affected | ||
| Advanced Virtualization for RHEL 8.1.1 | virt | Fixed | RHSA-2020:1261 | 01.04.2020 |
| Advanced Virtualization for RHEL 8.1.1 | virt-devel | Fixed | RHSA-2020:1261 | 01.04.2020 |
| Red Hat Enterprise Linux 6 | qemu-kvm | Fixed | RHSA-2020:0775 | 10.03.2020 |
| Red Hat Enterprise Linux 7 | qemu-kvm | Fixed | RHSA-2020:1116 | 31.03.2020 |
| Red Hat Enterprise Linux 7 | qemu-kvm-ma | Fixed | RHSA-2020:1150 | 31.03.2020 |
| Red Hat Enterprise Linux 7.7 Extended Update Support | qemu-kvm | Fixed | RHSA-2020:1351 | 07.04.2020 |
Показывать по
Дополнительная информация
Статус:
EPSS
5.6 Medium
CVSS3
Связанные уязвимости
tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access which can lead to a DoS or potential execute arbitrary code.
tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access which can lead to a DoS or potential execute arbitrary code.
tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, misman ...
EPSS
5.6 Medium
CVSS3