An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The function bootp_input() in src/bootp.c handles requests for the bootp protocol from the guest. While processing a udp packet that is smaller than the size of the bootp_t structure (548 bytes) it uses memory from outside the working mbuf buffer. This may lead to the leakage of 10 bytes of uninitialized heap memory to the guest.
Upstream commits:
https://gitlab.freedesktop.org/slirp/libslirp/-/commit/93e645e7
https://gitlab.freedesktop.org/slirp/libslirp/-/commit/f13cad45
https://gitlab.freedesktop.org/slirp/libslirp/-/commit/2eca0838
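As an added illustration of the length check the report above describes (not code from libslirp or QEMU; the structure layout, `struct pkt` and the function names are assumptions made for this example), the flawed pattern next to a hardened one:

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed, simplified 548-byte request layout (not the libslirp definition). */
struct bootp_req {
    uint8_t  op, htype, hlen, hops;
    uint32_t xid;
    uint16_t secs, flags;
    uint32_t ciaddr, yiaddr, siaddr, giaddr;
    uint8_t  hwaddr[16], sname[64], file[128], vend[312];
};
_Static_assert(sizeof(struct bootp_req) == 548, "expected 548 bytes");

/* Hypothetical receive buffer: start of the data and bytes actually received. */
struct pkt { const uint8_t *data; size_t len; };

/* Flawed pattern: trusts that a whole structure arrived. With a short packet
 * the copy reads past p->data + p->len into adjacent memory. */
int parse_unchecked(const struct pkt *p, struct bootp_req *out)
{
    memcpy(out, p->data, sizeof(*out));
    return 0;
}

/* Hardened pattern: refuse any packet shorter than the structure, so no
 * field is ever taken from outside the received bytes. */
int parse_checked(const struct pkt *p, struct bootp_req *out)
{
    if (p->data == NULL || p->len < sizeof(*out))
        return -1;                      /* truncated: drop the request */
    memcpy(out, p->data, sizeof(*out));
    return 0;
}

int main(void)
{
    static uint8_t wire[548];           /* constructed sample request */
    struct bootp_req req;
    struct pkt full = { wire, sizeof(wire) }, cut = { wire, 100 };

    wire[0] = 1;                        /* op field: request */
    printf("full packet: %d\n", parse_checked(&full, &req));
    printf("100-byte packet: %d\n", parse_checked(&cut, &req));
    return 0;
}
```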
Created libslirp tracking bugs for this issue:
Affects: epel-all [bug 1972246]
Affects: fedora-all [bug 1972249]
Created qemu tracking bugs for this issue:
Affects: fedora-all [bug 1972244]
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2021:4191 https://access.redhat.com/errata/RHSA-2021:4191
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-3592