An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The function udp6_input() handles requests for the udp protocol from the guest. While processing a udp packet that is smaller than the size of the udphdr structure it uses memory from outside the working mbuf buffer. This issue may lead to out of bound read access or indirect memory disclosure to the guest. Upstream commits: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/93e645e7 https://gitlab.freedesktop.org/slirp/libslirp/-/commit/de71c15d
Created libslirp tracking bugs for this issue: Affects: epel-all [bug 1972247] Affects: fedora-all [bug 1972250] Created qemu tracking bugs for this issue: Affects: fedora-all [bug 1972245]
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:4191 https://access.redhat.com/errata/RHSA-2021:4191
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-3593