An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The function tftp_input() handles requests for the tftp protocol from the guest. While processing a udp packet that is smaller than the size of the tftp_t structure it uses memory from outside the working mbuf buffer. This issue may lead to out of bound read access or indirect memory disclosure to the guest.
Created libslirp tracking bugs for this issue:
Affects: epel-all [bug 1972242]
Affects: fedora-all [bug 1972243]
Created qemu tracking bugs for this issue:
Affects: fedora-all [bug 1972241]