An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The function bootp_input() in src/bootp.c handles BOOTP requests from the guest. While processing a UDP packet that is smaller than the size of the bootp_t structure (548 bytes), it uses memory from outside the working mbuf buffer. This may lead to the leakage of 10 bytes of uninitialized heap memory to the guest.
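The class of flaw described above, shown as an added example that is not libslirp's code: a fixed-size structure view laid over a shorter packet, next to a version that checks the length first. The names `pkt_buf`, `bootp_model` and all three functions are hypothetical; only the 548-byte size comes from the description.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BOOTP_T_SIZE 548 /* sizeof(bootp_t) as stated in the description */

/* Simplified stand-in for a received packet; not libslirp's mbuf. */
struct pkt_buf {
    const uint8_t *data;
    size_t len; /* bytes actually received from the guest */
};

/* Hypothetical fixed-size view; only its total size follows the description. */
struct bootp_model {
    uint8_t op;
    uint8_t rest[BOOTP_T_SIZE - 1];
};

/* Bytes a fixed-size view would touch beyond the received data. */
size_t bytes_outside_buffer(size_t len)
{
    return len < sizeof(struct bootp_model) ? sizeof(struct bootp_model) - len : 0;
}

/* Unchecked pattern: trusts that a full structure is present. */
uint8_t last_byte_unchecked(const struct pkt_buf *p)
{
    const struct bootp_model *bp = (const struct bootp_model *)p->data;
    return bp->rest[sizeof(bp->rest) - 1]; /* out of bounds if p->len < 548 */
}

/* Checked pattern: reject short packets before any field is read. */
int bootp_copy_checked(const struct pkt_buf *p, struct bootp_model *out)
{
    if (p == NULL || p->data == NULL || p->len < sizeof(*out))
        return -1;
    memcpy(out, p->data, sizeof(*out));
    return 0;
}

int main(void)
{
    static uint8_t full[BOOTP_T_SIZE] = { 1 }; /* constructed sample packet */
    struct pkt_buf short_pkt = { full, 300 }, full_pkt = { full, sizeof(full) };
    struct bootp_model m;
    printf("short: rc=%d, %zu bytes outside\n",
           bootp_copy_checked(&short_pkt, &m), bytes_outside_buffer(300));
    printf("full:  rc=%d, last=%u\n",
           bootp_copy_checked(&full_pkt, &m), last_byte_unchecked(&full_pkt));
    return 0;
}
```

`main` calls the unchecked function only on the full-size sample, so the program itself never reads out of bounds.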
Created libslirp tracking bugs for this issue:
Affects: epel-all [bug 1972246]
Affects: fedora-all [bug 1972249]
Created qemu tracking bugs for this issue:
Affects: fedora-all [bug 1972244]