An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The function tftp_input() handles requests for the TFTP protocol from the guest. While processing a UDP packet that is smaller than the size of the tftp_t structure, it uses memory from outside the working mbuf buffer. This issue may lead to out-of-bounds read access or indirect memory disclosure to the guest.

Upstream commits:
https://gitlab.freedesktop.org/slirp/libslirp/-/commit/93e645e7
https://gitlab.freedesktop.org/slirp/libslirp/-/commit/3f179481
https://gitlab.freedesktop.org/slirp/libslirp/-/commit/990163cf
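The length check that the description above implies, as an added example that is not part of the bug report and is not libslirp's code: a header pointer is handed out only when the buffer holds at least a full header. The types `pkt_buf` and `tftp_hdr`, the helper names and the sample packet are simplified, constructed stand-ins.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-ins (assumptions), not libslirp's real definitions. */
struct pkt_buf {                 /* models an mbuf: data pointer plus valid length */
    const uint8_t *data;
    size_t len;
};

struct tftp_hdr {                /* models the fixed header the parser expects */
    uint8_t udp[8];              /* UDP header bytes */
    uint16_t opcode;             /* TFTP opcode, network byte order */
};

/* Return the packet data only if at least `need` bytes of it are valid. */
static const void *buf_check(const struct pkt_buf *b, size_t need)
{
    if (b == NULL || b->data == NULL || b->len < need)
        return NULL;
    return b->data;
}

/* Returns the opcode in host order, or -1 when the packet is too short. */
int parse_tftp_opcode(const struct pkt_buf *b)
{
    const uint8_t *p = buf_check(b, sizeof(struct tftp_hdr));
    if (p == NULL)
        return -1;               /* drop: the header would extend past the buffer */
    size_t off = offsetof(struct tftp_hdr, opcode);
    return (p[off] << 8) | p[off + 1];   /* read by offset, no unaligned cast */
}

/* Convenience wrapper: build a pkt_buf over `n` bytes at `d` and parse it. */
int opcode_from_bytes(const uint8_t *d, size_t n)
{
    struct pkt_buf b = { d, n };
    return parse_tftp_opcode(&b);
}

/* Constructed sample: 8 zeroed UDP header bytes, then opcode 1. */
static const uint8_t sample_pkt[10] = { 0, 0, 0, 0, 0, 0, 0, 0, 0x00, 0x01 };

int main(void)
{
    printf("full packet: %d\n", opcode_from_bytes(sample_pkt, sizeof sample_pkt));
    printf("runt packet: %d\n", opcode_from_bytes(sample_pkt, 4));
    return 0;
}
```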
Created libslirp tracking bugs for this issue:
Affects: epel-all [bug 1972242]
Affects: fedora-all [bug 1972243]

Created qemu tracking bugs for this issue:
Affects: fedora-all [bug 1972241]
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2021:4191 https://access.redhat.com/errata/RHSA-2021:4191
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-3595