CVE-2021-3592

15.06.2021, 21:15

An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootp_input() function and could occur while processing a udp packet that is smaller than the size of the 'bootp_t' structure. A malicious guest could use this flaw to leak 10 bytes of uninitialized heap memory from the host. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	3.8 LOW	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 8%

Affected Products (NVD)

Vendor	Product	Version
libslirp_project	libslirp	𝑥 < 4.6.0
redhat	enterprise_linux	8.0
redhat	enterprise_linux	8.0
debian	debian_linux	9.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

libslirp

bookworm	4.7.0-1 fixed
bullseye	4.4.0-1+deb11u2 fixed
sid	4.8.0-1 fixed
stretch	ignored
trixie	4.8.0-1 fixed

qemu

bookworm	1:7.2+dfsg-7+deb12u7 fixed
bullseye	1:5.2+dfsg-11+deb11u3 fixed
bullseye (security)	1:5.2+dfsg-11+deb11u2 fixed
sid	1:9.1.1+ds-2 fixed
stretch	ignored
trixie	1:9.1.1+ds-2 fixed

Ubuntu Releases

Ubuntu Product

Codename

libslirp

bionic	dne
focal	Fixed 4.1.0-2ubuntu2.2 released
groovy	Fixed 4.3.1-1ubuntu0.1 released
hirsute	Fixed 4.4.0-1ubuntu0.1 released
impish	Fixed 4.4.0-1ubuntu0.21.10.1 released
jammy	Fixed 4.6.1-1 released
kinetic	Fixed 4.6.1-1 released
lunar	Fixed 4.6.1-1 released
mantic	Fixed 4.6.1-1 released
noble	Fixed 4.6.1-1 released
trusty	dne
xenial	ignored

qemu

bionic	Fixed 1:2.11+dfsg-1ubuntu7.37 released
focal	not-affected
groovy	not-affected
hirsute	not-affected
impish	not-affected
jammy	not-affected
kinetic	not-affected
lunar	not-affected
mantic	not-affected
noble	not-affected
trusty	needed
xenial	needed

openSUSE / SLES Releases

openSUSE Product

Release

libslirp-devel

suse enterprise sap 15 SP3	4.3.1-150300.6.2 fixed
suse enterprise sap 15 SP4	4.3.1-150300.2.7.1 fixed
suse enterprise server 15 SP3	4.3.1-150300.6.2 fixed
suse enterprise server 15 SP4	4.3.1-150300.2.7.1 fixed

libslirp0

suse enterprise sap 15 SP3	4.3.1-150300.6.2 fixed
suse enterprise sap 15 SP4	4.3.1-150300.2.7.1 fixed
suse enterprise server 15 SP3	4.3.1-150300.6.2 fixed
suse enterprise server 15 SP4	4.3.1-150300.2.7.1 fixed

qemu

suse enterprise sap 12 SP5	3.1.1.1-54.1 fixed
suse enterprise sap 15 SP2	4.2.1-11.25.2 fixed
suse enterprise server 12 SP3	2.9.1-43.65.2 fixed
suse enterprise server 12 SP4	2.11.2-5.35.1 fixed
suse enterprise server 12 SP5	3.1.1.1-54.1 fixed
suse enterprise server 15	2.11.2-9.49.1 fixed
suse enterprise server 15 SP1	3.1.1.1-9.30.2 fixed
suse enterprise server 15 SP2	4.2.1-11.25.2 fixed

qemu-arm

suse enterprise sap 12 SP5	3.1.1.1-54.1 fixed
suse enterprise sap 15 SP2	4.2.1-11.25.2 fixed
suse enterprise server 12 SP3	2.9.1-6.53.1 fixed
suse enterprise server 12 SP4	2.11.2-5.35.1 fixed
suse enterprise server 12 SP5	3.1.1.1-54.1 fixed
suse enterprise server 15	2.11.2-9.49.1 fixed
suse enterprise server 15 SP1	3.1.1.1-9.30.2 fixed
suse enterprise server 15 SP2	4.2.1-11.25.2 fixed

qemu-audio-alsa

suse enterprise sap 12 SP5	3.1.1.1-54.1 fixed
suse enterprise sap 15 SP2	4.2.1-11.25.2 fixed
suse enterprise server 12 SP5	3.1.1.1-54.1 fixed
suse enterprise server 15 SP1	3.1.1.1-9.30.2 fixed
suse enterprise server 15 SP2	4.2.1-11.25.2 fixed

qemu-audio-oss

suse enterprise sap 12 SP5	3.1.1.1-54.1 fixed
suse enterprise server 12 SP5	3.1.1.1-54.1 fixed
suse enterprise server 15 SP1	3.1.1.1-9.30.2 fixed

qemu-audio-pa

suse enterprise sap 12 SP5	3.1.1.1-54.1 fixed
suse enterprise sap 15 SP2	4.2.1-11.25.2 fixed
suse enterprise server 12 SP5	3.1.1.1-54.1 fixed
suse enterprise server 15 SP1	3.1.1.1-9.30.2 fixed
suse enterprise server 15 SP2	4.2.1-11.25.2 fixed

qemu-audio-sdl

suse enterprise sap 12 SP5	3.1.1.1-54.1 fixed
suse enterprise server 12 SP5	3.1.1.1-54.1 fixed

qemu-block-curl

suse enterprise sap 12 SP5	3.1.1.1-54.1 fixed
suse enterprise sap 15 SP2	4.2.1-11.25.2 fixed
suse enterprise server 12 SP3	2.9.1-43.65.2 fixed
suse enterprise server 12 SP4	2.11.2-5.35.1 fixed
suse enterprise server 12 SP5	3.1.1.1-54.1 fixed
suse enterprise server 15	2.11.2-9.49.1 fixed
suse enterprise server 15 SP1	3.1.1.1-9.30.2 fixed
suse enterprise server 15 SP2	4.2.1-11.25.2 fixed

qemu-block-iscsi

suse enterprise sap 12 SP5	3.1.1.1-54.1 fixed
suse enterprise sap 15 SP2	4.2.1-11.25.2 fixed
suse enterprise server 12 SP3	2.9.1-43.65.2 fixed
suse enterprise server 12 SP4	2.11.2-5.35.1 fixed
suse enterprise server 12 SP5	3.1.1.1-54.1 fixed
suse enterprise server 15	2.11.2-9.49.1 fixed
suse enterprise server 15 SP1	3.1.1.1-9.30.2 fixed
suse enterprise server 15 SP2	4.2.1-11.25.2 fixed

qemu-block-rbd

suse enterprise sap 12 SP5	3.1.1.1-54.1 fixed
suse enterprise sap 15 SP2	4.2.1-11.25.2 fixed
suse enterprise server 12 SP3	2.9.1-43.65.2 fixed
suse enterprise server 12 SP4	2.11.2-5.35.1 fixed
suse enterprise server 12 SP5	3.1.1.1-54.1 fixed
suse enterprise server 15	2.11.2-9.49.1 fixed
suse enterprise server 15 SP1	3.1.1.1-9.30.2 fixed
suse enterprise server 15 SP2	4.2.1-11.25.2 fixed

qemu-block-ssh

suse enterprise sap 12 SP5	3.1.1.1-54.1 fixed
suse enterprise sap 15 SP2	4.2.1-11.25.2 fixed
suse enterprise server 12 SP3	2.9.1-43.65.2 fixed
suse enterprise server 12 SP4	2.11.2-5.35.1 fixed
suse enterprise server 12 SP5	3.1.1.1-54.1 fixed
suse enterprise server 15	2.11.2-9.49.1 fixed
suse enterprise server 15 SP1	3.1.1.1-9.30.2 fixed
suse enterprise server 15 SP2	4.2.1-11.25.2 fixed

qemu-guest-agent

suse enterprise sap 12 SP5	3.1.1.1-54.1 fixed
suse enterprise sap 15 SP2	4.2.1-11.25.2 fixed
suse enterprise server 12 SP3	2.9.1-43.65.2 fixed
suse enterprise server 12 SP4	2.11.2-5.35.1 fixed
suse enterprise server 12 SP5	3.1.1.1-54.1 fixed
suse enterprise server 15	2.11.2-9.49.1 fixed
suse enterprise server 15 SP1	3.1.1.1-9.30.2 fixed
suse enterprise server 15 SP2	4.2.1-11.25.2 fixed

qemu-kvm

suse enterprise sap 12 SP5	3.1.1.1-54.1 fixed
suse enterprise sap 15 SP2	4.2.1-11.25.2 fixed
suse enterprise server 12 SP3	2.9.1-43.65.2 fixed
suse enterprise server 12 SP4	2.11.2-5.35.1 fixed
suse enterprise server 12 SP5	3.1.1.1-54.1 fixed
suse enterprise server 15	2.11.2-9.49.1 fixed
suse enterprise server 15 SP1	3.1.1.1-9.30.2 fixed
suse enterprise server 15 SP2	4.2.1-11.25.2 fixed

qemu-lang

suse enterprise sap 12 SP5	3.1.1.1-54.1 fixed
suse enterprise sap 15 SP2	4.2.1-11.25.2 fixed
suse enterprise server 12 SP3	2.9.1-43.65.2 fixed
suse enterprise server 12 SP4	2.11.2-5.35.1 fixed
suse enterprise server 12 SP5	3.1.1.1-54.1 fixed
suse enterprise server 15	2.11.2-9.49.1 fixed
suse enterprise server 15 SP1	3.1.1.1-9.30.2 fixed
suse enterprise server 15 SP2	4.2.1-11.25.2 fixed

qemu-microvm

suse enterprise sap 15 SP2	4.2.1-11.25.2 fixed
suse enterprise server 15 SP2	4.2.1-11.25.2 fixed

qemu-ppc

suse enterprise sap 12 SP5	3.1.1.1-54.1 fixed
suse enterprise sap 15 SP2	4.2.1-11.25.2 fixed
suse enterprise server 12 SP3	2.9.1-6.53.1 fixed
suse enterprise server 12 SP4	2.11.2-5.35.1 fixed
suse enterprise server 12 SP5	3.1.1.1-54.1 fixed
suse enterprise server 15	2.11.2-9.49.1 fixed
suse enterprise server 15 SP1	3.1.1.1-9.30.2 fixed
suse enterprise server 15 SP2	4.2.1-11.25.2 fixed

qemu-s390

suse enterprise sap 12 SP5	3.1.1.1-54.1 fixed
suse enterprise sap 15 SP2	4.2.1-11.25.2 fixed
suse enterprise server 12 SP3	2.9.1-6.53.1 fixed
suse enterprise server 12 SP4	2.11.2-5.35.1 fixed
suse enterprise server 12 SP5	3.1.1.1-54.1 fixed
suse enterprise server 15	2.11.2-9.49.1 fixed
suse enterprise server 15 SP1	3.1.1.1-9.30.2 fixed
suse enterprise server 15 SP2	4.2.1-11.25.2 fixed

qemu-sgabios-8

suse enterprise sap 12 SP5	54.1 fixed
suse enterprise sap 15 SP2	11.25.2 fixed
suse enterprise server 12 SP3	43.65.2 fixed
suse enterprise server 12 SP4	5.35.1 fixed
suse enterprise server 12 SP5	54.1 fixed
suse enterprise server 15	9.49.1 fixed
suse enterprise server 15 SP1	9.30.2 fixed
suse enterprise server 15 SP2	11.25.2 fixed

qemu-tools

suse enterprise sap 12 SP5	3.1.1.1-54.1 fixed
suse enterprise server 12 SP3	2.9.1-43.65.2 fixed
suse enterprise server 12 SP4	2.11.2-5.35.1 fixed
suse enterprise server 12 SP5	3.1.1.1-54.1 fixed
suse enterprise server 15	2.11.2-9.49.1 fixed
suse enterprise server 15 SP1	3.1.1.1-9.30.2 fixed

qemu-ui-curses

suse enterprise sap 12 SP5	3.1.1.1-54.1 fixed
suse enterprise sap 15 SP2	4.2.1-11.25.2 fixed
suse enterprise server 12 SP5	3.1.1.1-54.1 fixed
suse enterprise server 15 SP1	3.1.1.1-9.30.2 fixed
suse enterprise server 15 SP2	4.2.1-11.25.2 fixed

qemu-ui-gtk

suse enterprise sap 12 SP5	3.1.1.1-54.1 fixed
suse enterprise sap 15 SP2	4.2.1-11.25.2 fixed
suse enterprise server 12 SP5	3.1.1.1-54.1 fixed
suse enterprise server 15 SP1	3.1.1.1-9.30.2 fixed
suse enterprise server 15 SP2	4.2.1-11.25.2 fixed

qemu-ui-sdl

suse enterprise sap 12 SP5	3.1.1.1-54.1 fixed
suse enterprise server 12 SP5	3.1.1.1-54.1 fixed

qemu-ui-spice-app

suse enterprise sap 15 SP2	4.2.1-11.25.2 fixed
suse enterprise server 15 SP2	4.2.1-11.25.2 fixed

qemu-x86

suse enterprise sap 12 SP5	3.1.1.1-54.1 fixed
suse enterprise sap 15 SP2	4.2.1-11.25.2 fixed
suse enterprise server 12 SP3	2.9.1-43.65.2 fixed
suse enterprise server 12 SP4	2.11.2-5.35.1 fixed
suse enterprise server 12 SP5	3.1.1.1-54.1 fixed
suse enterprise server 15	2.11.2-9.49.1 fixed
suse enterprise server 15 SP1	3.1.1.1-9.30.2 fixed
suse enterprise server 15 SP2	4.2.1-11.25.2 fixed

Common Weakness Enumeration

CWE-824 - Access of Uninitialized Pointer
The program accesses or uses a pointer that has not been initialized.

References

https://bugzilla.redhat.com/show_bug.cgi?id=1970484

https://lists.debian.org/debian-lts-announce/2021/09/msg00000.html

https://lists.debian.org/debian-lts-announce/2021/09/msg00004.html

https://lists.debian.org/debian-lts-announce/2023/03/msg00013.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GCKWZWY64EHTOQMLVLTSZ4AA27EWRJMH/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGPQZFVJCFGDSISFXPCQTTBBD7QZLJKI/

https://security.gentoo.org/glsa/202107-44

https://security.netapp.com/advisory/ntap-20210805-0004/

https://bugzilla.redhat.com/show_bug.cgi?id=1970484

https://lists.debian.org/debian-lts-announce/2021/09/msg00000.html

https://lists.debian.org/debian-lts-announce/2021/09/msg00004.html

https://lists.debian.org/debian-lts-announce/2023/03/msg00013.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GCKWZWY64EHTOQMLVLTSZ4AA27EWRJMH/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGPQZFVJCFGDSISFXPCQTTBBD7QZLJKI/

https://security.gentoo.org/glsa/202107-44

https://security.netapp.com/advisory/ntap-20210805-0004/