A out-of-bounds heap buffer access issue was found in the SLiRP networking implementation of the QEMU emulator. It occurs in tcp_emu() routine while emulating IRC and other protocols due to unsafe usage of snprintf(3) function. A user/process could use this flaw to crash the Qemu process on the host resulting in DoS or potentially execute arbitrary code with privileges of the QEMU process on the host. Also with SELinux and sVirt access control in place, malicious activity is restricted. Upstream patch: --------------- -> https://gitlab.freedesktop.org/slirp/libslirp/commit/68ccb8021a838066f0951d4b2817eb6b6f10a843 -> https://gitlab.freedesktop.org/slirp/libslirp/commit/30648c03b27fb8d9611b723184216cd3174b6775 Reference: ---------- -> https://www.openwall.com/lists/oss-security/2020/02/06/2
Acknowledgments: Name: Laszlo Ersek (redhat.com)
Created qemu tracking bugs for this issue: Affects: fedora-all [bug 1798454]
Statement: This issue affects user-mode or SLiRP networking implementation of the QEMU emulator. Though qemu-kvm package is built with SLiRP networking support, due to its limitations, it is not used by the virtual machine guests by default. This issue affects versions of the qemu-kvm package as shipped with Red Hat Enterprise Linux 5, 6, 7, 8 and Red Hat Enterprise Linux Advanced Virtualization 8. Future qemu-kvm package updates for Red Hat Enterprise Linux 6, 7, 8 and Red Hat Enterprise Linux Advanced Virtualization 8 may address this issue. Red Hat Enterprise Linux 5 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This issue is currently not planned to be addressed in its future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/. Red Hat OpenStack Platform: This flaw impacts KVM user-mode or SLIRP networking, which is not used in Red Hat OpenStack Platform. Although updating is recommended for affected versions (see below), Red Hat OpenStack Platform environments are not vulnerable.
Mitigation: This issue can only be resolved by applying updates. Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Extras Via RHSA-2020:0889 https://access.redhat.com/errata/RHSA-2020:0889
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-8608
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:1208 https://access.redhat.com/errata/RHSA-2020:1208
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:1209 https://access.redhat.com/errata/RHSA-2020:1209
This issue has been addressed in the following products: Advanced Virtualization for RHEL 8.1.1 Via RHSA-2020:1261 https://access.redhat.com/errata/RHSA-2020:1261
This issue has been addressed in the following products: Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 Red Hat Virtualization Engine 4.3 Via RHSA-2020:1292 https://access.redhat.com/errata/RHSA-2020:1292
This issue has been addressed in the following products: Red Hat OpenStack Platform 10.0 (Newton) Via RHSA-2020:1300 https://access.redhat.com/errata/RHSA-2020:1300
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.7 Extended Update Support Via RHSA-2020:1351 https://access.redhat.com/errata/RHSA-2020:1351
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.7 Extended Update Support Via RHSA-2020:1352 https://access.redhat.com/errata/RHSA-2020:1352
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:1379 https://access.redhat.com/errata/RHSA-2020:1379
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2020:1403 https://access.redhat.com/errata/RHSA-2020:1403
This issue has been addressed in the following products: Red Hat Virtualization Engine 4.2 Via RHSA-2020:2342 https://access.redhat.com/errata/RHSA-2020:2342
This issue has been addressed in the following products: Red Hat OpenStack Platform 13.0 (Queens) Red Hat OpenStack Platform 13.0 (Queens) for RHEL 7.6 EUS Via RHSA-2020:2730 https://access.redhat.com/errata/RHSA-2020:2730
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2020:2773 https://access.redhat.com/errata/RHSA-2020:2773
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:2774 https://access.redhat.com/errata/RHSA-2020:2774
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.6 Extended Update Support Via RHSA-2020:2844 https://access.redhat.com/errata/RHSA-2020:2844
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions Via RHSA-2020:3040 https://access.redhat.com/errata/RHSA-2020:3040