An out-of-bounds access issue was found in the SLiRP user networking implementation of QEMU. It could occur while processing ARP/NCSI packets, if the packet length was shorter than required to accommodate respective protocol headers and payload. A privileged guest user may use this flaw to potentially leak host information bytes. Upstream patch: --------------- -> https://lists.freedesktop.org/archives/slirp/2020-November/000115.html
Acknowledgments: Name: Qiuhao Li
Created qemu tracking bugs for this issue: Affects: fedora-all [bug 1902232]
External References: https://www.openwall.com/lists/oss-security/2020/11/27/1
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-29129 https://access.redhat.com/security/cve/cve-2020-29130
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:1762 https://access.redhat.com/errata/RHSA-2021:1762