PT-2020-6210 · Qemu Team+8 · Qemu+8

Ziming Zhang

·

Published

2020-07-09

·

Updated

2024-06-15

·

CVE-2020-10756

CVSS v3.1

6.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions QEMU libslirp versions prior to 4.3.1
Description An out-of-bounds read issue was found in the SLiRP networking implementation of the QEMU emulator. This occurs in the icmp6 send echoreply() routine while replying to an ICMP echo request, also known as ping. This allows a malicious guest to leak the contents of the host memory, resulting in possible information disclosure.
Recommendations For versions of libslirp prior to 4.3.1, update to version 4.3.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the icmp6 send echoreply() routine until a patch is available. Avoid using the SLiRP networking implementation in QEMU until the issue is resolved.

Exploit

Fix

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALSA-2020:4059
ALSA-2020:4694
ALSA-2021:1064
ALT-PU-2020-2509
ALT-PU-2020-2541
BDU:2021-03600
CESA-2020_4059
CESA-2020_4694
CVE-2020-10756
DLA-2288-1
DSA-4728-1
OPENSUSE-SU-2020:0987-1
OPENSUSE-SU-2020:0994-1
OPENSUSE-SU-2020_0987-1
OPENSUSE-SU-2020_0994-1
OPENSUSE-SU-2021:1043-1
OPENSUSE-SU-2021_1043-1
OPENSUSE-SU-2024:10991-1
RHSA-2020:3586
RHSA-2020:4059
RHSA-2020:4694
RHSA-2020_4059
RHSA-2020_4694
RHSA-2021:1064
RLSA-2020:4059
RLSA-2020:4694
SUSE-SU-2020:1915-1
SUSE-SU-2020_1915-1
SUSE-SU-2021:1829-1
SUSE-SU-2021:1837-1
SUSE-SU-2021:1893-1
SUSE-SU-2021:1894-1
SUSE-SU-2021:1895-1
SUSE-SU-2021:1918-1
SUSE-SU-2021:1947-1
USN-4437-1
USN-4467-1
USN-4467-3
ZDI-20-1005

Affected Products

Alt Linux
Almalinux
Centos
Linuxmint
Qemu
Red Hat
Rocky Linux
Suse
Ubuntu