A heap buffer overflow issue was found in the SLiRP networking implementation of the QEMU emulator. It occurs in the ip_reass() routine while reassembling incoming packets, if the first fragment is bigger than the m->m_dat[] buffer. A user/process could use this flaw to crash the QEMU process on the host, resulting in DoS, or potentially execute arbitrary code with privileges of the QEMU process.

Upstream patch:
---------------
  -> https://gitlab.freedesktop.org/slirp/libslirp/commit/126c04acbabd7ad32c2b018fe10dfac2a3bc1210

Reference:
----------
  -> https://www.openwall.com/lists/oss-security/2019/08/01/2
Acknowledgments: Name: Vishnu Dev
Created qemu tracking bugs for this issue: Affects: fedora-all [bug 1735654]
Statement:

Red Hat OpenStack Platform:
* This flaw impacts KVM user-mode or SLIRP networking, which is not used in Red Hat OpenStack Platform. Although updating is recommended for affected versions (see below), Red Hat OpenStack Platform environments are not vulnerable.
* Because the flaw's impact is Low, it will not be fixed in Red Hat OpenStack Platform 9 which is retiring within a few weeks of the flaw's public date.
Mitigation: There is no external mitigation to prevent this out-of-bounds heap memory access.
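Since the statement above limits the flaw to user-mode (SLIRP) networking and no external mitigation exists, a useful triage step is to list which running QEMU processes actually use that backend. The following is an added example, not part of the original bug report or any Red Hat tooling; it assumes a Linux host with /proc, the function names are hypothetical, and the default-NIC rule is an assumption taken from QEMU's documented defaults.

```python
import glob
import os

NET_OPTS = {"netdev", "net", "nic"}  # QEMU options that configure networking
QEMU_NAMES = ("qemu-system-", "qemu-kvm")  # emulator binaries, not qemu-img etc.

def slirp_reasons(argv):
    """Return why this QEMU argv gets a user-mode (SLIRP) backend; [] if it does not."""
    argv = list(argv)
    reasons, saw_net_opt = [], False
    for opt, val in zip(argv[1:], argv[2:] + [""]):
        if not opt.startswith("-") or opt.lstrip("-") not in NET_OPTS:
            continue
        saw_net_opt = True
        backend = val.split(",", 1)[0]
        if backend.startswith("type="):  # e.g. -netdev type=user,id=n0
            backend = backend[len("type="):]
        if backend == "user":
            reasons.append(f"{opt} {val}")
    # Assumption from QEMU's documented defaults: with no networking option
    # at all, a default NIC on the "user" backend is created unless
    # -nodefaults is given.
    if not saw_net_opt and "-nodefaults" not in argv:
        reasons.append("default NIC (no -netdev/-net/-nic and no -nodefaults)")
    return reasons

def scan_proc(proc_root="/proc"):
    """Map PID -> reasons for every running QEMU emulator that uses SLIRP."""
    found = {}
    for path in glob.glob(os.path.join(proc_root, "[0-9]*", "cmdline")):
        try:
            with open(path, "rb") as fh:
                raw = fh.read().decode(errors="replace")
        except OSError:  # process exited, or cmdline not readable
            continue
        argv = raw.rstrip("\0").split("\0")  # argv is NUL-separated in /proc
        if not os.path.basename(argv[0]).startswith(QEMU_NAMES):
            continue
        reasons = slirp_reasons(argv)
        if reasons:
            found[int(os.path.basename(os.path.dirname(path)))] = reasons
    return found

if __name__ == "__main__":
    for pid, why in sorted(scan_proc().items()):
        print(f"pid {pid}: user-mode networking via {'; '.join(why)}")
```

Guests reported here are the ones to prioritise for the errata listed below; guests on tap or bridge backends do not pass traffic through the SLIRP reassembly code.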
This issue has been addressed in the following products:
  Red Hat Virtualization 4 for Red Hat Enterprise Linux 7
  Red Hat Virtualization Engine 4.3
Via RHSA-2019:3179 https://access.redhat.com/errata/RHSA-2019:3179

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-14378

This issue has been addressed in the following products:
  Red Hat Enterprise Linux 8
Via RHSA-2019:3403 https://access.redhat.com/errata/RHSA-2019:3403

This issue has been addressed in the following products:
  Red Hat Enterprise Linux 8
Via RHSA-2019:3494 https://access.redhat.com/errata/RHSA-2019:3494

This issue has been addressed in the following products:
  Red Hat OpenStack Platform 14.0 (Rocky)
Via RHSA-2019:3742 https://access.redhat.com/errata/RHSA-2019:3742

This issue has been addressed in the following products:
  Red Hat OpenStack Platform 13.0 (Queens)
Via RHSA-2019:3787 https://access.redhat.com/errata/RHSA-2019:3787

This issue has been addressed in the following products:
  Red Hat Enterprise Linux 7
Via RHSA-2019:3968 https://access.redhat.com/errata/RHSA-2019:3968

This issue has been addressed in the following products:
  Red Hat OpenStack Platform 10.0 (Newton)
Via RHSA-2019:4344 https://access.redhat.com/errata/RHSA-2019:4344

This issue has been addressed in the following products:
  Red Hat Enterprise Linux 7
Via RHSA-2020:0366 https://access.redhat.com/errata/RHSA-2020:0366

This issue has been addressed in the following products:
  Red Hat Enterprise Linux 6
Via RHSA-2020:0775 https://access.redhat.com/errata/RHSA-2020:0775

This issue has been addressed in the following products:
  Red Hat Enterprise Linux 7 Extras
Via RHSA-2020:0889 https://access.redhat.com/errata/RHSA-2020:0889

This issue has been addressed in the following products:
  Red Hat Virtualization 4 for Red Hat Enterprise Linux 7
  Red Hat Virtualization Engine 4.3
Via RHSA-2020:1216 https://access.redhat.com/errata/RHSA-2020:1216

This issue has been addressed in the following products:
  Red Hat Enterprise Linux 7.6 Extended Update Support
Via RHSA-2020:2065 https://access.redhat.com/errata/RHSA-2020:2065

This issue has been addressed in the following products:
  Red Hat Enterprise Linux 7.6 Extended Update Support
Via RHSA-2020:2126 https://access.redhat.com/errata/RHSA-2020:2126

This issue has been addressed in the following products:
  Red Hat Virtualization Engine 4.2
Via RHSA-2020:2342 https://access.redhat.com/errata/RHSA-2020:2342