SUSE update for libslirp

1) Release of invalid pointer or reference

EUVDB-ID: #VU54308

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-3592

CWE-ID: CWE-763 - Release of invalid pointer or reference

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to invalid pointer initialization within the bootp_input() function while processing UDP packets in the SLiRP networking implementation of QEMU. A malicious guest could use this flaw to leak 10 bytes of uninitialized heap memory from the host.

Mitigation

Update the affected package libslirp to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server: 15-SP3-LTSS - 15-SP4

SUSE Linux Enterprise High Performance Computing: 15-SP3-LTSS - 15-SP4

SUSE Linux Enterprise Micro: 5.1 - 5.2

openSUSE Leap: 15.3 - 15.4

SUSE Manager Server: 4.2

SUSE Manager Proxy: 4.2

SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4

SUSE Linux Enterprise Module for Server Applications: 15-SP3 - 15-SP4

libslirp0-debuginfo: before 4.3.1-150300.2.7.1

libslirp0: before 4.3.1-150300.2.7.1

libslirp-devel: before 4.3.1-150300.2.7.1

libslirp-debugsource: before 4.3.1-150300.2.7.1

External links

http://www.suse.com/support/update/announcement/2022/suse-su-20221465-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Release of invalid pointer or reference

EUVDB-ID: #VU54310

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-3594

CWE-ID: CWE-763 - Release of invalid pointer or reference

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to invalid pointer initialization within the udp_input() function while processing UDP packets in the SLiRP networking implementation of QEMU. A malicious guest could use this vulnerability to read host memory.

Mitigation

Update the affected package libslirp to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server: 15-SP3-LTSS - 15-SP4

SUSE Linux Enterprise High Performance Computing: 15-SP3-LTSS - 15-SP4

SUSE Linux Enterprise Micro: 5.1 - 5.2

openSUSE Leap: 15.3 - 15.4

SUSE Manager Server: 4.2

SUSE Manager Proxy: 4.2

SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4

SUSE Linux Enterprise Module for Server Applications: 15-SP3 - 15-SP4

libslirp0-debuginfo: before 4.3.1-150300.2.7.1

libslirp0: before 4.3.1-150300.2.7.1

libslirp-devel: before 4.3.1-150300.2.7.1

libslirp-debugsource: before 4.3.1-150300.2.7.1

External links

http://www.suse.com/support/update/announcement/2022/suse-su-20221465-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Release of invalid pointer or reference

EUVDB-ID: #VU54311

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-3595

CWE-ID: CWE-763 - Release of invalid pointer or reference

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to invalid pointer initialization within the tftp_input() function while processing UDP packets in the SLiRP networking implementation of QEMU. A malicious guest could use this vulnerability to read host memory.

Mitigation

Update the affected package libslirp to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server: 15-SP3-LTSS - 15-SP4

SUSE Linux Enterprise High Performance Computing: 15-SP3-LTSS - 15-SP4

SUSE Linux Enterprise Micro: 5.1 - 5.2

openSUSE Leap: 15.3 - 15.4

SUSE Manager Server: 4.2

SUSE Manager Proxy: 4.2

SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4

SUSE Linux Enterprise Module for Server Applications: 15-SP3 - 15-SP4

libslirp0-debuginfo: before 4.3.1-150300.2.7.1

libslirp0: before 4.3.1-150300.2.7.1

libslirp-devel: before 4.3.1-150300.2.7.1

libslirp-debugsource: before 4.3.1-150300.2.7.1

External links

http://www.suse.com/support/update/announcement/2022/suse-su-20221465-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.