Bug 1734745 (CVE-2019-14378)
| Summary: | CVE-2019-14378 QEMU: slirp: heap buffer overflow during packet reassembly | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Prasad Pandit <ppandit> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | CC: | ailan, amit, areis, berrange, bmontgom, cfergeau, dbecker, drjones, dwmw2, eparis, imammedo, itamar, jburrell, jen, jferlan, jforbes, jjoyce, jnovy, jokerman, jschluet, kbasil, knoel, lfriedma, lhh, lpeer, lsm5, marcandre.lureau, m.a.young, mburns, mkenneth, mrezanin, mst, nstielau, pbonzini, philmd, rbalakri, ribarry, rjones, robinlee.sysu, sclewis, sfowler, slinaber, smccarty, sponnaga, virt-maint, virt-maint, vkuznets, xen-maint |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: |
A heap buffer overflow issue was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the ip_reass() routine while reassembling incoming packets if the first fragment is bigger than the m->m_dat[] buffer. An attacker could use this flaw to crash the QEMU process on the host, resulting in a Denial of Service or potentially executing arbitrary code with privileges of the QEMU process.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2019-10-23 12:51:12 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1734747, 1734748, 1734749, 1734750, 1734751, 1734752, 1734753, 1734754, 1734755, 1735477, 1735478, 1735479, 1735652, 1735653, 1735654, 1755592, 1755593, 1755594, 1755595, 1757154, 1757155, 1768394, 1825854, 1825855, 1825856, 1825857, 1825858, 1825859, 1825860, 1825861, 1825862, 1825863, 1825864, 1825865 | ||
| Bug Blocks: | 1727851 | ||
|
Description
Prasad Pandit
2019-07-31 11:07:55 UTC
Acknowledgments: Name: Vishnu Dev Created qemu tracking bugs for this issue: Affects: fedora-all [bug 1735654] Statement: Red Hat OpenStack Platform: * This flaw impacts KVM user-mode or SLIRP networking, which is not used in Red Hat OpenStack Platform. Although updating is recommended for affected versions (see below), Red Hat OpenStack Platform environments are not vulnerable. * Because the flaw's impact is Low, it will not be fixed in Red Hat OpenStack Platform 9 which is retiring within a few weeks of the flaw's public date. Mitigation: There is no external mitigation to prevent this out-of-bounds heap memory access. This issue has been addressed in the following products: Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 Red Hat Virtualization Engine 4.3 Via RHSA-2019:3179 https://access.redhat.com/errata/RHSA-2019:3179 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-14378 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2019:3403 https://access.redhat.com/errata/RHSA-2019:3403 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2019:3494 https://access.redhat.com/errata/RHSA-2019:3494 This issue has been addressed in the following products: Red Hat OpenStack Platform 14.0 (Rocky) Via RHSA-2019:3742 https://access.redhat.com/errata/RHSA-2019:3742 This issue has been addressed in the following products: Red Hat OpenStack Platform 13.0 (Queens) Via RHSA-2019:3787 https://access.redhat.com/errata/RHSA-2019:3787 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:3968 https://access.redhat.com/errata/RHSA-2019:3968 This issue has been addressed in the following products: Red Hat OpenStack Platform 10.0 (Newton) Via RHSA-2019:4344 https://access.redhat.com/errata/RHSA-2019:4344 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:0366 https://access.redhat.com/errata/RHSA-2020:0366 This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2020:0775 https://access.redhat.com/errata/RHSA-2020:0775 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Extras Via RHSA-2020:0889 https://access.redhat.com/errata/RHSA-2020:0889 This issue has been addressed in the following products: Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 Red Hat Virtualization Engine 4.3 Via RHSA-2020:1216 https://access.redhat.com/errata/RHSA-2020:1216 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.6 Extended Update Support Via RHSA-2020:2065 https://access.redhat.com/errata/RHSA-2020:2065 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.6 Extended Update Support Via RHSA-2020:2126 https://access.redhat.com/errata/RHSA-2020:2126 This issue has been addressed in the following products: Red Hat Virtualization Engine 4.2 Via RHSA-2020:2342 https://access.redhat.com/errata/RHSA-2020:2342 |