Bug 1829825 (CVE-2020-1983)
| Summary: | CVE-2020-1983 QEMU: slirp: use-after-free in ip_reass() function in ip_input.c | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Guilherme de Almeida Suckevicz <gsuckevi> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | amit, berrange, bmontgom, cfergeau, dbecker, dwmw2, eparis, itamar, jburrell, jen, jferlan, jjoyce, jmaloy, jnovy, jokerman, jschluet, knoel, lhh, lpeer, lsm5, marcandre.lureau, mburns, mkenneth, mrezanin, mst, nstielau, pbonzini, ribarry, rjones, sclewis, slinaber, sponnaga, virt-maint, virt-maint |
| Target Milestone: | --- | Keywords: | Reopened, Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | libslirp 4.3.0 | Doc Type: | If docs needed, set a value |
| Doc Text: |
A use-after-free flaw was found in the SLiRP networking implementation of the QEMU emulator. Specifically, this flaw occurs in the ip_reass() routine while reassembling incoming IP fragments whose combined size is bigger than 65k. This flaw allows an attacker to crash the QEMU process on the host, resulting in a denial of service.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2020-07-21 19:27:55 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1829826, 1829827, 1835839, 1836070, 1836444, 1836445, 1837565, 1837566, 1837567, 1837568, 1837569, 1837570, 1837571, 1837572, 1838070, 1838077, 1838082, 1910698 | ||
| Bug Blocks: | 1835969 | ||
|
Description
Guilherme de Almeida Suckevicz
2020-04-30 12:49:54 UTC
Created libslirp tracking bugs for this issue: Affects: epel-8 [bug 1829827] Affects: fedora-all [bug 1829826] This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products. Created qemu tracking bugs for this issue: Affects: fedora-all [bug 1835839] OpenShift 4 packages slirp4netns which vendors in libslirp v4.1.0. Additionally, have checked that the patch for src/ip_input.c has not been already applied/backported. This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:3053 https://access.redhat.com/errata/RHSA-2020:3053 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-1983 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:4079 https://access.redhat.com/errata/RHSA-2020:4079 This issue has been addressed in the following products: Advanced Virtualization for RHEL 8.1.1 Via RHSA-2020:4290 https://access.redhat.com/errata/RHSA-2020:4290 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:4676 https://access.redhat.com/errata/RHSA-2020:4676 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2021:0346 https://access.redhat.com/errata/RHSA-2021:0346 This issue has been addressed in the following products: Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 Red Hat Virtualization Engine 4.3 Via RHSA-2021:0459 https://access.redhat.com/errata/RHSA-2021:0459 This issue has been addressed in the following products: Red Hat OpenStack Platform 13.0 (Queens) Via RHSA-2021:0934 https://access.redhat.com/errata/RHSA-2021:0934 |