+++ This bug was initially created as a clone of Bug #1791677 +++ Description of problem: Upstream libslirp has disabled emulation of the tcp programs like ftp/IRC etc. in user-mode SLiRP networking since v4.1.0. -> https://gitlab.freedesktop.org/slirp/libslirp/commit/07c2a44b67e219ac14207f7a1b33704e1312cf91 emu: disable by default tcp_emu() is known to have caused several CVEs, and not useful today in most cases. https://nvd.nist.gov/vuln/detail/CVE-2019-6778 https://nvd.nist.gov/vuln/detail/CVE-2019-9824 The feature can be still enabled by setting SlirpConfig.enable_emu to true. * Please include this patch in the qemu-kvm package versions of RHEL too. * It'll probably be better to disable user-mode SLiRP networking itself in qemu-kvm. ie. compile qemu-kvm package with '--disable-slirp' configure option.
Has successful reproduced it with qemu-kvm-1.5.3-173.el7 and Verified it with fix version qemu-kvm-1.5.3-174.el7. Steps: 1. boot up guest with "/usr/libexec/qemu-kvm -enable-kvm -nographic -m 2048 -net user,hostfwd=tcp::2222-:22 -net nic /root/rhel78-64-virtio.qcow2" 2. nc -l 127.0.0.1 113 on host 3. run on guest nc -C 10.0.2.2 113 1234 , 4321 Results: With qemu-kvm-1.5.3-173.el7: # nc -l 127.0.0.1 113 1234,4321 With qemu-kvm-1.5.3-174.el7: # nc -l 127.0.0.1 113 1234 , 4321 Base on above, set it to VERIFIED. Thanks all
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Low: qemu-kvm security, bug fix, and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2020:3906