exploitDog

CVE-2020-8608

Published: 27 Jan 2020
Source: redhat
CVSS3: 5.6
EPSS: Low

Description

In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code.

An out-of-bounds heap buffer access flaw was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the tcp_emu() routine while emulating IRC and other protocols, due to unsafe usage of the snprintf(3) function. A user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service or potential execution of arbitrary code with the privileges of the QEMU process on the host.
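The bug class named in the description, as an added example (not code from libslirp, QEMU or Red Hat): a length counter advanced by snprintf's return value without a truncation check, next to a checked version. The `struct pkt` type, the function names, the 32-byte capacity, the "REDIRECT" format string and the sample host and port are all constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define PKT_CAP 32            /* constructed capacity, not libslirp's */

struct pkt {                  /* hypothetical stand-in for a packet buffer */
    char   data[PKT_CAP];
    size_t len;               /* bytes of data[] believed to be valid */
};

/* Flawed accounting: on truncation snprintf() returns the length the full
 * output would have had, so len can exceed PKT_CAP. Later code that trusts
 * len (copying, indexing, appending) would then run past data[]. */
size_t append_unchecked(struct pkt *p, const char *host, unsigned port)
{
    p->len += (size_t)snprintf(p->data + p->len, PKT_CAP - p->len,
                               "REDIRECT %s %u\n", host, port);
    return p->len;
}

/* Checked accounting: a negative result or n >= space means error or
 * truncation; drop the partial write and leave len unchanged. */
int append_checked(struct pkt *p, const char *host, unsigned port)
{
    if (p->len >= PKT_CAP)
        return -1;
    size_t space = PKT_CAP - p->len;
    int n = snprintf(p->data + p->len, space, "REDIRECT %s %u\n", host, port);
    if (n < 0 || (size_t)n >= space) {
        p->data[p->len] = '\0';   /* discard the truncated fragment */
        return -1;
    }
    p->len += (size_t)n;
    return 0;
}

int main(void)
{
    /* Constructed input: a 40-character name that cannot fit in PKT_CAP. */
    const char *long_host = "guest-controlled-name-longer-than-buffer";
    struct pkt a = { {0}, 0 }, b = { {0}, 0 };
    size_t bad = append_unchecked(&a, long_host, 6667);
    int rc = append_checked(&b, long_host, 6667);
    printf("unchecked: len=%zu, capacity=%d\n", bad, PKT_CAP);
    printf("checked:   rc=%d, len=%zu\n", rc, b.len);
    return 0;
}
```

In the unchecked version the write itself stays inside the buffer; the damage is the inflated `len`, which matches the advisory's wording that the overflow happens in later code.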

Report

This issue affects the user-mode or SLiRP networking implementation of the QEMU emulator. Though the qemu-kvm package is built with SLiRP networking support, due to its limitations it is not used by virtual machine guests by default.

This issue affects versions of the qemu-kvm package as shipped with Red Hat Enterprise Linux 5, 6, 7, 8 and Red Hat Enterprise Linux Advanced Virtualization 8. Future qemu-kvm package updates for Red Hat Enterprise Linux 6, 7, 8 and Red Hat Enterprise Linux Advanced Virtualization 8 may address this issue.

Red Hat Enterprise Linux 5 is now in the Maintenance Support 2 Phase of the support and maintenance life cycle. This issue is currently not planned to be addressed in its future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.

Red Hat OpenStack Platform:
This flaw impacts KVM user-mode or SLIRP networking, which is not used in Red Hat OpenStack Platform. Although updating is recommended for affected versions (see below), Red Hat OpenStack Platform environments are not vulnerable.

Mitigation

This issue can only be resolved by applying updates. Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | kvm | Out of support scope | | |
| Red Hat Enterprise Linux 5 | xen | Not affected | | |
| Red Hat Enterprise Linux 8 | container-tools:1.0/slirp4netns | Not affected | | |
| Red Hat Enterprise Linux 8 | container-tools:2.0/slirp4netns | Not affected | | |
| Red Hat Enterprise Linux 8 Advanced Virtualization | qemu-kvm | Affected | | |
| Advanced Virtualization for RHEL 8.1.1 | virt | Fixed | RHSA-2020:1261 | 01.04.2020 |
| Advanced Virtualization for RHEL 8.1.1 | virt-devel | Fixed | RHSA-2020:1261 | 01.04.2020 |
| Red Hat Enterprise Linux 6 | qemu-kvm | Fixed | RHSA-2020:1403 | 08.04.2020 |
| Red Hat Enterprise Linux 7 | qemu-kvm | Fixed | RHSA-2020:1208 | 31.03.2020 |
| Red Hat Enterprise Linux 7 | qemu-kvm-ma | Fixed | RHSA-2020:1209 | 31.03.2020 |

Additional information

Status: Important
Defect: CWE-122
https://bugzilla.redhat.com/show_bug.cgi?id=1798453 (QEMU: Slirp: potential OOB access due to unsafe snprintf() usages)

EPSS: 0.01962 (Low)
Percentile: 83%

CVSS3: 5.6 Medium

Related vulnerabilities

CVSS3: 5.6
ubuntu
more than 5 years ago

In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code.

CVSS3: 5.6
nvd
more than 5 years ago

In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code.

CVSS3: 5.6
debian
more than 5 years ago

In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf ...

suse-cvrf
almost 5 years ago

Security update for xen

suse-cvrf
almost 5 years ago

Security update for xen
