Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2021-3595 (GCVE-0-2021-3595)
Vulnerability from cvelistv5 – Published: 2021-06-15 00:00 – Updated: 2024-08-03 17:01
VLAI
EPSS
Summary
An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the tftp_input() function and could occur while processing a udp packet that is smaller than the size of the 'tftp_t' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.
Severity
No CVSS data available.
CWE
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1970489 | |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory |
| https://security.gentoo.org/glsa/202107-44 | vendor-advisory |
| https://security.netapp.com/advisory/ntap-2021080… | |
| https://lists.debian.org/debian-lts-announce/2021… | mailing-list |
| https://lists.debian.org/debian-lts-announce/2023… | mailing-list |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:01:07.535Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1970489"
},
{
"name": "FEDORA-2021-71de23bedd",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GCKWZWY64EHTOQMLVLTSZ4AA27EWRJMH/"
},
{
"name": "FEDORA-2021-7cd749f133",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGPQZFVJCFGDSISFXPCQTTBBD7QZLJKI/"
},
{
"name": "GLSA-202107-44",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202107-44"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210805-0004/"
},
{
"name": "[debian-lts-announce] 20210902 [SECURITY] [DLA 2753-1] qemu security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00000.html"
},
{
"name": "[debian-lts-announce] 20230314 [SECURITY] [DLA 3362-1] qemu security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00013.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "QEMU",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "libslirp 4.6.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the tftp_input() function and could occur while processing a udp packet that is smaller than the size of the \u0027tftp_t\u0027 structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-824",
"description": "CWE-824",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-14T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1970489"
},
{
"name": "FEDORA-2021-71de23bedd",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GCKWZWY64EHTOQMLVLTSZ4AA27EWRJMH/"
},
{
"name": "FEDORA-2021-7cd749f133",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGPQZFVJCFGDSISFXPCQTTBBD7QZLJKI/"
},
{
"name": "GLSA-202107-44",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202107-44"
},
{
"url": "https://security.netapp.com/advisory/ntap-20210805-0004/"
},
{
"name": "[debian-lts-announce] 20210902 [SECURITY] [DLA 2753-1] qemu security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00000.html"
},
{
"name": "[debian-lts-announce] 20230314 [SECURITY] [DLA 3362-1] qemu security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00013.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-3595",
"datePublished": "2021-06-15T00:00:00.000Z",
"dateReserved": "2021-06-10T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:01:07.535Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2021-3595",
"date": "2026-05-29",
"epss": "0.00025",
"percentile": "0.07425"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2021-3595\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2021-06-15T21:15:10.643\",\"lastModified\":\"2024-11-21T06:21:55.777\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the tftp_input() function and could occur while processing a udp packet that is smaller than the size of the \u0027tftp_t\u0027 structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.\"},{\"lang\":\"es\",\"value\":\"Se ha encontrado un problema de inicializaci\u00f3n de puntero no v\u00e1lido en la implementaci\u00f3n de redes SLiRP de QEMU. El fallo se presenta en la funci\u00f3n tftp_input() y podr\u00eda ocurrir mientras se procesa un paquete udp m\u00e1s peque\u00f1o que el tama\u00f1o de la estructura \\\"tftp_t\\\". Este problema puede conllevar a un acceso de lectura fuera de l\u00edmites o a una divulgaci\u00f3n indirecta de la memoria del host al invitado. La mayor amenaza de esta vulnerabilidad es la confidencialidad de los datos. Este fallo afecta a libslirp versiones anteriores a 4.6.0\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N\",\"baseScore\":3.8,\"baseSeverity\":\"LOW\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.0,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":2.1,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-824\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libslirp_project:libslirp:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.6.0\",\"matchCriteriaId\":\"AE2D40D8-B587-4714-AAD2-27876A5B92AF\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4CFF558-3C47-480D-A2F0-BABF26042943\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:advanced_virtualization:*:*:*\",\"matchCriteriaId\":\"3AA08768-75AF-4791-B229-AE938C780959\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E460AA51-FCDA-46B9-AE97-E6676AA5E194\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A930E247-0B43-43CB-98FF-6CE7B8189835\"}]}]}],\"references\":[{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1970489\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/09/msg00000.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/03/msg00013.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GCKWZWY64EHTOQMLVLTSZ4AA27EWRJMH/\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGPQZFVJCFGDSISFXPCQTTBBD7QZLJKI/\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://security.gentoo.org/glsa/202107-44\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20210805-0004/\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1970489\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/09/msg00000.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/03/msg00013.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GCKWZWY64EHTOQMLVLTSZ4AA27EWRJMH/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGPQZFVJCFGDSISFXPCQTTBBD7QZLJKI/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/202107-44\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20210805-0004/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
SUSE-SU-2021:3322-1
Vulnerability from csaf_suse - Published: 2021-10-07 16:23 - Updated: 2021-10-07 16:23Summary
Security update for xen
Severity
Moderate
Notes
Title of the patch: Security update for xen
Description of the patch: This update for xen fixes the following issues:
- CVE-2021-28701: Fixed race condition in XENMAPSPACE_grant_table handling (XSA-384) (bsc#1189632).
- CVE-2021-28694,CVE-2021-28695,CVE-2021-28696: Fixed IOMMU page mapping issues on x86 (XSA-378)(bsc#1189373).
- CVE-2021-28697: Fixed grant table v2 status pages that may remain accessible after de-allocation (XSA-379)(bsc#1189376).
- CVE-2021-28698: Fixed long running loops in grant table handling (XSA-380)(bsc#1189378).
- CVE-2021-20255: Fixed eepro100 stack overflow via infinite recursion (bsc#1182654).
- CVE-2021-3592: Fixed invalid pointer initialization may lead to information disclosure (bootp) (bsc#1187369).
- CVE-2021-3594: Fixed invalid pointer initialization may lead to information disclosure (udp) (bsc#1187378).
- CVE-2021-3595: Fixed invalid pointer initialization may lead to information disclosure (tftp) (bsc#1187376).
- CVE-2021-28692: Fixed inappropriate x86 IOMMU timeout detection / handling (XSA-373)(bsc#1186429).
- CVE-2021-0089: Fixed Speculative Code Store Bypass (XSA-375)(bsc#1186433).
- CVE-2021-28690: Fixed x86 TSX Async Abort protections not restored after S3 (XSA-377)(bsc#1186434).
- Prevent superpage allocation in the LAPIC and ACPI_INFO range (bsc#1189882).
Patchnames: SUSE-2021-3322,SUSE-SLE-SERVER-12-SP2-BCL-2021-3322
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.5 (Medium)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_16-43.79.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_16-43.79.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_16-43.79.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_16-43.79.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_16-43.79.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_16-43.79.5.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_16-43.79.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_16-43.79.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_16-43.79.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_16-43.79.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_16-43.79.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_16-43.79.5.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
5.6 (Medium)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_16-43.79.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_16-43.79.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_16-43.79.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_16-43.79.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_16-43.79.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_16-43.79.5.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.2 (Medium)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_16-43.79.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_16-43.79.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_16-43.79.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_16-43.79.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_16-43.79.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_16-43.79.5.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.4 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_16-43.79.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_16-43.79.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_16-43.79.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_16-43.79.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_16-43.79.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_16-43.79.5.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.4 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_16-43.79.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_16-43.79.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_16-43.79.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_16-43.79.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_16-43.79.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_16-43.79.5.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.4 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_16-43.79.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_16-43.79.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_16-43.79.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_16-43.79.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_16-43.79.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_16-43.79.5.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.4 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_16-43.79.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_16-43.79.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_16-43.79.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_16-43.79.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_16-43.79.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_16-43.79.5.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.5 (Medium)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_16-43.79.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_16-43.79.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_16-43.79.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_16-43.79.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_16-43.79.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_16-43.79.5.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.4 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_16-43.79.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_16-43.79.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_16-43.79.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_16-43.79.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_16-43.79.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_16-43.79.5.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_16-43.79.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_16-43.79.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_16-43.79.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_16-43.79.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_16-43.79.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_16-43.79.5.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_16-43.79.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_16-43.79.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_16-43.79.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_16-43.79.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_16-43.79.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_16-43.79.5.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_16-43.79.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_16-43.79.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_16-43.79.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_16-43.79.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_16-43.79.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_16-43.79.5.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
References
61 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for xen",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for xen fixes the following issues:\n\n- CVE-2021-28701: Fixed race condition in XENMAPSPACE_grant_table handling (XSA-384) (bsc#1189632).\n\n- CVE-2021-28694,CVE-2021-28695,CVE-2021-28696: Fixed IOMMU page mapping issues on x86 (XSA-378)(bsc#1189373).\n- CVE-2021-28697: Fixed grant table v2 status pages that may remain accessible after de-allocation (XSA-379)(bsc#1189376).\n- CVE-2021-28698: Fixed long running loops in grant table handling (XSA-380)(bsc#1189378).\n- CVE-2021-20255: Fixed eepro100 stack overflow via infinite recursion (bsc#1182654).\n- CVE-2021-3592: Fixed invalid pointer initialization may lead to information disclosure (bootp) (bsc#1187369).\n- CVE-2021-3594: Fixed invalid pointer initialization may lead to information disclosure (udp) (bsc#1187378).\n- CVE-2021-3595: Fixed invalid pointer initialization may lead to information disclosure (tftp) (bsc#1187376).\n- CVE-2021-28692: Fixed inappropriate x86 IOMMU timeout detection / handling (XSA-373)(bsc#1186429).\n- CVE-2021-0089: Fixed Speculative Code Store Bypass (XSA-375)(bsc#1186433).\n- CVE-2021-28690: Fixed x86 TSX Async Abort protections not restored after S3 (XSA-377)(bsc#1186434).\n\n- Prevent superpage allocation in the LAPIC and ACPI_INFO range (bsc#1189882).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2021-3322,SUSE-SLE-SERVER-12-SP2-BCL-2021-3322",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2021_3322-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2021:3322-1",
"url": "https://www.suse.com/support/update/announcement/2021/suse-su-20213322-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2021:3322-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-October/009548.html"
},
{
"category": "self",
"summary": "SUSE Bug 1182654",
"url": "https://bugzilla.suse.com/1182654"
},
{
"category": "self",
"summary": "SUSE Bug 1186429",
"url": "https://bugzilla.suse.com/1186429"
},
{
"category": "self",
"summary": "SUSE Bug 1186433",
"url": "https://bugzilla.suse.com/1186433"
},
{
"category": "self",
"summary": "SUSE Bug 1186434",
"url": "https://bugzilla.suse.com/1186434"
},
{
"category": "self",
"summary": "SUSE Bug 1187369",
"url": "https://bugzilla.suse.com/1187369"
},
{
"category": "self",
"summary": "SUSE Bug 1187376",
"url": "https://bugzilla.suse.com/1187376"
},
{
"category": "self",
"summary": "SUSE Bug 1187378",
"url": "https://bugzilla.suse.com/1187378"
},
{
"category": "self",
"summary": "SUSE Bug 1189373",
"url": "https://bugzilla.suse.com/1189373"
},
{
"category": "self",
"summary": "SUSE Bug 1189376",
"url": "https://bugzilla.suse.com/1189376"
},
{
"category": "self",
"summary": "SUSE Bug 1189378",
"url": "https://bugzilla.suse.com/1189378"
},
{
"category": "self",
"summary": "SUSE Bug 1189632",
"url": "https://bugzilla.suse.com/1189632"
},
{
"category": "self",
"summary": "SUSE Bug 1189882",
"url": "https://bugzilla.suse.com/1189882"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-0089 page",
"url": "https://www.suse.com/security/cve/CVE-2021-0089/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-20255 page",
"url": "https://www.suse.com/security/cve/CVE-2021-20255/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-28690 page",
"url": "https://www.suse.com/security/cve/CVE-2021-28690/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-28692 page",
"url": "https://www.suse.com/security/cve/CVE-2021-28692/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-28694 page",
"url": "https://www.suse.com/security/cve/CVE-2021-28694/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-28695 page",
"url": "https://www.suse.com/security/cve/CVE-2021-28695/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-28696 page",
"url": "https://www.suse.com/security/cve/CVE-2021-28696/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-28697 page",
"url": "https://www.suse.com/security/cve/CVE-2021-28697/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-28698 page",
"url": "https://www.suse.com/security/cve/CVE-2021-28698/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-28701 page",
"url": "https://www.suse.com/security/cve/CVE-2021-28701/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3592 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3592/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3594 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3594/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3595 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3595/"
}
],
"title": "Security update for xen",
"tracking": {
"current_release_date": "2021-10-07T16:23:05Z",
"generator": {
"date": "2021-10-07T16:23:05Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2021:3322-1",
"initial_release_date": "2021-10-07T16:23:05Z",
"revision_history": [
{
"date": "2021-10-07T16:23:05Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xen-4.7.6_16-43.79.5.aarch64",
"product": {
"name": "xen-4.7.6_16-43.79.5.aarch64",
"product_id": "xen-4.7.6_16-43.79.5.aarch64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.7.6_16-43.79.5.aarch64",
"product": {
"name": "xen-devel-4.7.6_16-43.79.5.aarch64",
"product_id": "xen-devel-4.7.6_16-43.79.5.aarch64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.7.6_16-43.79.5.aarch64",
"product": {
"name": "xen-doc-html-4.7.6_16-43.79.5.aarch64",
"product_id": "xen-doc-html-4.7.6_16-43.79.5.aarch64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.7.6_16-43.79.5.aarch64",
"product": {
"name": "xen-libs-4.7.6_16-43.79.5.aarch64",
"product_id": "xen-libs-4.7.6_16-43.79.5.aarch64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.7.6_16-43.79.5.aarch64",
"product": {
"name": "xen-tools-4.7.6_16-43.79.5.aarch64",
"product_id": "xen-tools-4.7.6_16-43.79.5.aarch64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.7.6_16-43.79.5.aarch64",
"product": {
"name": "xen-tools-domU-4.7.6_16-43.79.5.aarch64",
"product_id": "xen-tools-domU-4.7.6_16-43.79.5.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-libs-64bit-4.7.6_16-43.79.5.aarch64_ilp32",
"product": {
"name": "xen-libs-64bit-4.7.6_16-43.79.5.aarch64_ilp32",
"product_id": "xen-libs-64bit-4.7.6_16-43.79.5.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-devel-4.7.6_16-43.79.5.i586",
"product": {
"name": "xen-devel-4.7.6_16-43.79.5.i586",
"product_id": "xen-devel-4.7.6_16-43.79.5.i586"
}
},
{
"category": "product_version",
"name": "xen-libs-4.7.6_16-43.79.5.i586",
"product": {
"name": "xen-libs-4.7.6_16-43.79.5.i586",
"product_id": "xen-libs-4.7.6_16-43.79.5.i586"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.7.6_16-43.79.5.i586",
"product": {
"name": "xen-tools-domU-4.7.6_16-43.79.5.i586",
"product_id": "xen-tools-domU-4.7.6_16-43.79.5.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-4.7.6_16-43.79.5.x86_64",
"product": {
"name": "xen-4.7.6_16-43.79.5.x86_64",
"product_id": "xen-4.7.6_16-43.79.5.x86_64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.7.6_16-43.79.5.x86_64",
"product": {
"name": "xen-devel-4.7.6_16-43.79.5.x86_64",
"product_id": "xen-devel-4.7.6_16-43.79.5.x86_64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.7.6_16-43.79.5.x86_64",
"product": {
"name": "xen-doc-html-4.7.6_16-43.79.5.x86_64",
"product_id": "xen-doc-html-4.7.6_16-43.79.5.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.7.6_16-43.79.5.x86_64",
"product": {
"name": "xen-libs-4.7.6_16-43.79.5.x86_64",
"product_id": "xen-libs-4.7.6_16-43.79.5.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-32bit-4.7.6_16-43.79.5.x86_64",
"product": {
"name": "xen-libs-32bit-4.7.6_16-43.79.5.x86_64",
"product_id": "xen-libs-32bit-4.7.6_16-43.79.5.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.7.6_16-43.79.5.x86_64",
"product": {
"name": "xen-tools-4.7.6_16-43.79.5.x86_64",
"product_id": "xen-tools-4.7.6_16-43.79.5.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.7.6_16-43.79.5.x86_64",
"product": {
"name": "xen-tools-domU-4.7.6_16-43.79.5.x86_64",
"product_id": "xen-tools-domU-4.7.6_16-43.79.5.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-bcl:12:sp2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.7.6_16-43.79.5.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_16-43.79.5.x86_64"
},
"product_reference": "xen-4.7.6_16-43.79.5.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.7.6_16-43.79.5.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_16-43.79.5.x86_64"
},
"product_reference": "xen-doc-html-4.7.6_16-43.79.5.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.7.6_16-43.79.5.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_16-43.79.5.x86_64"
},
"product_reference": "xen-libs-4.7.6_16-43.79.5.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.7.6_16-43.79.5.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_16-43.79.5.x86_64"
},
"product_reference": "xen-libs-32bit-4.7.6_16-43.79.5.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.7.6_16-43.79.5.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_16-43.79.5.x86_64"
},
"product_reference": "xen-tools-4.7.6_16-43.79.5.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.7.6_16-43.79.5.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_16-43.79.5.x86_64"
},
"product_reference": "xen-tools-domU-4.7.6_16-43.79.5.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-0089",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-0089"
}
],
"notes": [
{
"category": "general",
"text": "Observable response discrepancy in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_16-43.79.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-0089",
"url": "https://www.suse.com/security/cve/CVE-2021-0089"
},
{
"category": "external",
"summary": "SUSE Bug 1186433 for CVE-2021-0089",
"url": "https://bugzilla.suse.com/1186433"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_16-43.79.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_16-43.79.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-10-07T16:23:05Z",
"details": "moderate"
}
],
"title": "CVE-2021-0089"
},
{
"cve": "CVE-2021-20255",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-20255"
}
],
"notes": [
{
"category": "general",
"text": "A stack overflow via an infinite recursion vulnerability was found in the eepro100 i8255x device emulator of QEMU. This issue occurs while processing controller commands due to a DMA reentry issue. This flaw allows a guest user or process to consume CPU cycles or crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_16-43.79.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-20255",
"url": "https://www.suse.com/security/cve/CVE-2021-20255"
},
{
"category": "external",
"summary": "SUSE Bug 1182651 for CVE-2021-20255",
"url": "https://bugzilla.suse.com/1182651"
},
{
"category": "external",
"summary": "SUSE Bug 1182654 for CVE-2021-20255",
"url": "https://bugzilla.suse.com/1182654"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_16-43.79.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.2,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_16-43.79.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-10-07T16:23:05Z",
"details": "low"
}
],
"title": "CVE-2021-20255"
},
{
"cve": "CVE-2021-28690",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-28690"
}
],
"notes": [
{
"category": "general",
"text": "x86: TSX Async Abort protections not restored after S3 This issue relates to the TSX Async Abort speculative security vulnerability. Please see https://xenbits.xen.org/xsa/advisory-305.html for details. Mitigating TAA by disabling TSX (the default and preferred option) requires selecting a non-default setting in MSR_TSX_CTRL. This setting isn\u0027t restored after S3 suspend.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_16-43.79.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-28690",
"url": "https://www.suse.com/security/cve/CVE-2021-28690"
},
{
"category": "external",
"summary": "SUSE Bug 1186434 for CVE-2021-28690",
"url": "https://bugzilla.suse.com/1186434"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_16-43.79.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_16-43.79.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-10-07T16:23:05Z",
"details": "moderate"
}
],
"title": "CVE-2021-28690"
},
{
"cve": "CVE-2021-28692",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-28692"
}
],
"notes": [
{
"category": "general",
"text": "inappropriate x86 IOMMU timeout detection / handling IOMMUs process commands issued to them in parallel with the operation of the CPU(s) issuing such commands. In the current implementation in Xen, asynchronous notification of the completion of such commands is not used. Instead, the issuing CPU spin-waits for the completion of the most recently issued command(s). Some of these waiting loops try to apply a timeout to fail overly-slow commands. The course of action upon a perceived timeout actually being detected is inappropriate: - on Intel hardware guests which did not originally cause the timeout may be marked as crashed, - on AMD hardware higher layer callers would not be notified of the issue, making them continue as if the IOMMU operation succeeded.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_16-43.79.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-28692",
"url": "https://www.suse.com/security/cve/CVE-2021-28692"
},
{
"category": "external",
"summary": "SUSE Bug 1186429 for CVE-2021-28692",
"url": "https://bugzilla.suse.com/1186429"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_16-43.79.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_16-43.79.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-10-07T16:23:05Z",
"details": "moderate"
}
],
"title": "CVE-2021-28692"
},
{
"cve": "CVE-2021-28694",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-28694"
}
],
"notes": [
{
"category": "general",
"text": "IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically means these addresses should pass the translation phase unaltered. While these are typically device specific ACPI properties, they can also be specified to apply to a range of devices, or even all devices. On all systems with such regions Xen failed to prevent guests from undoing/replacing such mappings (CVE-2021-28694). On AMD systems, where a discontinuous range is specified by firmware, the supposedly-excluded middle range will also be identity-mapped (CVE-2021-28695). Further, on AMD systems, upon de-assigment of a physical device from a guest, the identity mappings would be left in place, allowing a guest continued access to ranges of memory which it shouldn\u0027t have access to anymore (CVE-2021-28696).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_16-43.79.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-28694",
"url": "https://www.suse.com/security/cve/CVE-2021-28694"
},
{
"category": "external",
"summary": "SUSE Bug 1189373 for CVE-2021-28694",
"url": "https://bugzilla.suse.com/1189373"
},
{
"category": "external",
"summary": "SUSE Bug 1189980 for CVE-2021-28694",
"url": "https://bugzilla.suse.com/1189980"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_16-43.79.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_16-43.79.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-10-07T16:23:05Z",
"details": "important"
}
],
"title": "CVE-2021-28694"
},
{
"cve": "CVE-2021-28695",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-28695"
}
],
"notes": [
{
"category": "general",
"text": "IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically means these addresses should pass the translation phase unaltered. While these are typically device specific ACPI properties, they can also be specified to apply to a range of devices, or even all devices. On all systems with such regions Xen failed to prevent guests from undoing/replacing such mappings (CVE-2021-28694). On AMD systems, where a discontinuous range is specified by firmware, the supposedly-excluded middle range will also be identity-mapped (CVE-2021-28695). Further, on AMD systems, upon de-assigment of a physical device from a guest, the identity mappings would be left in place, allowing a guest continued access to ranges of memory which it shouldn\u0027t have access to anymore (CVE-2021-28696).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_16-43.79.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-28695",
"url": "https://www.suse.com/security/cve/CVE-2021-28695"
},
{
"category": "external",
"summary": "SUSE Bug 1189373 for CVE-2021-28695",
"url": "https://bugzilla.suse.com/1189373"
},
{
"category": "external",
"summary": "SUSE Bug 1189980 for CVE-2021-28695",
"url": "https://bugzilla.suse.com/1189980"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_16-43.79.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_16-43.79.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-10-07T16:23:05Z",
"details": "important"
}
],
"title": "CVE-2021-28695"
},
{
"cve": "CVE-2021-28696",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-28696"
}
],
"notes": [
{
"category": "general",
"text": "IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically means these addresses should pass the translation phase unaltered. While these are typically device specific ACPI properties, they can also be specified to apply to a range of devices, or even all devices. On all systems with such regions Xen failed to prevent guests from undoing/replacing such mappings (CVE-2021-28694). On AMD systems, where a discontinuous range is specified by firmware, the supposedly-excluded middle range will also be identity-mapped (CVE-2021-28695). Further, on AMD systems, upon de-assigment of a physical device from a guest, the identity mappings would be left in place, allowing a guest continued access to ranges of memory which it shouldn\u0027t have access to anymore (CVE-2021-28696).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_16-43.79.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-28696",
"url": "https://www.suse.com/security/cve/CVE-2021-28696"
},
{
"category": "external",
"summary": "SUSE Bug 1189373 for CVE-2021-28696",
"url": "https://bugzilla.suse.com/1189373"
},
{
"category": "external",
"summary": "SUSE Bug 1189980 for CVE-2021-28696",
"url": "https://bugzilla.suse.com/1189980"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_16-43.79.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_16-43.79.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-10-07T16:23:05Z",
"details": "important"
}
],
"title": "CVE-2021-28696"
},
{
"cve": "CVE-2021-28697",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-28697"
}
],
"notes": [
{
"category": "general",
"text": "grant table v2 status pages may remain accessible after de-allocation Guest get permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, get de-allocated when a guest switched (back) from v2 to v1. The freeing of such pages requires that the hypervisor know where in the guest these pages were mapped. The hypervisor tracks only one use within guest space, but racing requests from the guest to insert mappings of these pages may result in any of them to become mapped in multiple locations. Upon switching back from v2 to v1, the guest would then retain access to a page that was freed and perhaps re-used for other purposes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_16-43.79.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-28697",
"url": "https://www.suse.com/security/cve/CVE-2021-28697"
},
{
"category": "external",
"summary": "SUSE Bug 1189376 for CVE-2021-28697",
"url": "https://bugzilla.suse.com/1189376"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_16-43.79.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_16-43.79.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-10-07T16:23:05Z",
"details": "important"
}
],
"title": "CVE-2021-28697"
},
{
"cve": "CVE-2021-28698",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-28698"
}
],
"notes": [
{
"category": "general",
"text": "long running loops in grant table handling In order to properly monitor resource use, Xen maintains information on the grant mappings a domain may create to map grants offered by other domains. In the process of carrying out certain actions, Xen would iterate over all such entries, including ones which aren\u0027t in use anymore and some which may have been created but never used. If the number of entries for a given domain is large enough, this iterating of the entire table may tie up a CPU for too long, starving other domains or causing issues in the hypervisor itself. Note that a domain may map its own grants, i.e. there is no need for multiple domains to be involved here. A pair of \"cooperating\" guests may, however, cause the effects to be more severe.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_16-43.79.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-28698",
"url": "https://www.suse.com/security/cve/CVE-2021-28698"
},
{
"category": "external",
"summary": "SUSE Bug 1189378 for CVE-2021-28698",
"url": "https://bugzilla.suse.com/1189378"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_16-43.79.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_16-43.79.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-10-07T16:23:05Z",
"details": "moderate"
}
],
"title": "CVE-2021-28698"
},
{
"cve": "CVE-2021-28701",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-28701"
}
],
"notes": [
{
"category": "general",
"text": "Another race in XENMAPSPACE_grant_table handling Guests are permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, are de-allocated when a guest switches (back) from v2 to v1. Freeing such pages requires that the hypervisor enforce that no parallel request can result in the addition of a mapping of such a page to a guest. That enforcement was missing, allowing guests to retain access to pages that were freed and perhaps re-used for other purposes. Unfortunately, when XSA-379 was being prepared, this similar issue was not noticed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_16-43.79.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-28701",
"url": "https://www.suse.com/security/cve/CVE-2021-28701"
},
{
"category": "external",
"summary": "SUSE Bug 1189632 for CVE-2021-28701",
"url": "https://bugzilla.suse.com/1189632"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_16-43.79.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_16-43.79.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-10-07T16:23:05Z",
"details": "important"
}
],
"title": "CVE-2021-28701"
},
{
"cve": "CVE-2021-3592",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3592"
}
],
"notes": [
{
"category": "general",
"text": "An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootp_input() function and could occur while processing a udp packet that is smaller than the size of the \u0027bootp_t\u0027 structure. A malicious guest could use this flaw to leak 10 bytes of uninitialized heap memory from the host. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_16-43.79.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3592",
"url": "https://www.suse.com/security/cve/CVE-2021-3592"
},
{
"category": "external",
"summary": "SUSE Bug 1187364 for CVE-2021-3592",
"url": "https://bugzilla.suse.com/1187364"
},
{
"category": "external",
"summary": "SUSE Bug 1187369 for CVE-2021-3592",
"url": "https://bugzilla.suse.com/1187369"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_16-43.79.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_16-43.79.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-10-07T16:23:05Z",
"details": "low"
}
],
"title": "CVE-2021-3592"
},
{
"cve": "CVE-2021-3594",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3594"
}
],
"notes": [
{
"category": "general",
"text": "An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp_input() function and could occur while processing a udp packet that is smaller than the size of the \u0027udphdr\u0027 structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_16-43.79.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3594",
"url": "https://www.suse.com/security/cve/CVE-2021-3594"
},
{
"category": "external",
"summary": "SUSE Bug 1187367 for CVE-2021-3594",
"url": "https://bugzilla.suse.com/1187367"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_16-43.79.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_16-43.79.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-10-07T16:23:05Z",
"details": "low"
}
],
"title": "CVE-2021-3594"
},
{
"cve": "CVE-2021-3595",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3595"
}
],
"notes": [
{
"category": "general",
"text": "An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the tftp_input() function and could occur while processing a udp packet that is smaller than the size of the \u0027tftp_t\u0027 structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_16-43.79.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3595",
"url": "https://www.suse.com/security/cve/CVE-2021-3595"
},
{
"category": "external",
"summary": "SUSE Bug 1187366 for CVE-2021-3595",
"url": "https://bugzilla.suse.com/1187366"
},
{
"category": "external",
"summary": "SUSE Bug 1187376 for CVE-2021-3595",
"url": "https://bugzilla.suse.com/1187376"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_16-43.79.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_16-43.79.5.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_16-43.79.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-10-07T16:23:05Z",
"details": "low"
}
],
"title": "CVE-2021-3595"
}
]
}
SUSE-SU-2022:1465-1
Vulnerability from csaf_suse - Published: 2022-04-29 09:36 - Updated: 2022-04-29 09:36Summary
Security update for libslirp
Severity
Important
Notes
Title of the patch: Security update for libslirp
Description of the patch: This update for libslirp fixes the following issues:
- CVE-2021-3592: Fixed invalid pointer initialization may lead to information disclosure (bootp) (bsc#1187364).
- CVE-2021-3594: Fixed invalid pointer initialization may lead to information disclosure (udp) (bsc#1187367).
- CVE-2021-3595: Fixed invalid pointer initialization may lead to information disclosure (tftp) (bsc#1187366).
- Fix a dhcp regression [bsc#1198773]
Patchnames: SUSE-2022-1465,SUSE-SLE-Module-Server-Applications-15-SP3-2022-1465,SUSE-SLE-Module-Server-Applications-15-SP4-2022-1465,SUSE-SUSE-MicroOS-5.1-2022-1465,SUSE-SUSE-MicroOS-5.2-2022-1465,openSUSE-SLE-15.3-2022-1465,openSUSE-SLE-15.4-2022-1465
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:libslirp0-4.3.1-150300.2.7.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:libslirp0-4.3.1-150300.2.7.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:libslirp0-4.3.1-150300.2.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:libslirp0-4.3.1-150300.2.7.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:libslirp0-4.3.1-150300.2.7.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:libslirp0-4.3.1-150300.2.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.2.7.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.2.7.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.2.7.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.2.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.2.7.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.2.7.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.2.7.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.2.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.2.7.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.2.7.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.2.7.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.2.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libslirp0-4.3.1-150300.2.7.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libslirp0-4.3.1-150300.2.7.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libslirp0-4.3.1-150300.2.7.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libslirp0-4.3.1-150300.2.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.2.7.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.2.7.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.2.7.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.2.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:libslirp0-4.3.1-150300.2.7.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:libslirp0-4.3.1-150300.2.7.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:libslirp0-4.3.1-150300.2.7.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:libslirp0-4.3.1-150300.2.7.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
Affected products
Recommended
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:libslirp0-4.3.1-150300.2.7.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:libslirp0-4.3.1-150300.2.7.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:libslirp0-4.3.1-150300.2.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:libslirp0-4.3.1-150300.2.7.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:libslirp0-4.3.1-150300.2.7.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:libslirp0-4.3.1-150300.2.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.2.7.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.2.7.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.2.7.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.2.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.2.7.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.2.7.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.2.7.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.2.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.2.7.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.2.7.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.2.7.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.2.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libslirp0-4.3.1-150300.2.7.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libslirp0-4.3.1-150300.2.7.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libslirp0-4.3.1-150300.2.7.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libslirp0-4.3.1-150300.2.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.2.7.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.2.7.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.2.7.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.2.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:libslirp0-4.3.1-150300.2.7.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:libslirp0-4.3.1-150300.2.7.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:libslirp0-4.3.1-150300.2.7.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:libslirp0-4.3.1-150300.2.7.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
Affected products
Recommended
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:libslirp0-4.3.1-150300.2.7.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:libslirp0-4.3.1-150300.2.7.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:libslirp0-4.3.1-150300.2.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:libslirp0-4.3.1-150300.2.7.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:libslirp0-4.3.1-150300.2.7.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:libslirp0-4.3.1-150300.2.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.2.7.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.2.7.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.2.7.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.2.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.2.7.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.2.7.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.2.7.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.2.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.2.7.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.2.7.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.2.7.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.2.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libslirp0-4.3.1-150300.2.7.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libslirp0-4.3.1-150300.2.7.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libslirp0-4.3.1-150300.2.7.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libslirp0-4.3.1-150300.2.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.2.7.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.2.7.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.2.7.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.2.7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:libslirp0-4.3.1-150300.2.7.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:libslirp0-4.3.1-150300.2.7.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:libslirp0-4.3.1-150300.2.7.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:libslirp0-4.3.1-150300.2.7.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
References
19 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for libslirp",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for libslirp fixes the following issues:\n\n- CVE-2021-3592: Fixed invalid pointer initialization may lead to information disclosure (bootp) (bsc#1187364).\n- CVE-2021-3594: Fixed invalid pointer initialization may lead to information disclosure (udp) (bsc#1187367).\n- CVE-2021-3595: Fixed invalid pointer initialization may lead to information disclosure (tftp) (bsc#1187366).\n- Fix a dhcp regression [bsc#1198773]\n ",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2022-1465,SUSE-SLE-Module-Server-Applications-15-SP3-2022-1465,SUSE-SLE-Module-Server-Applications-15-SP4-2022-1465,SUSE-SUSE-MicroOS-5.1-2022-1465,SUSE-SUSE-MicroOS-5.2-2022-1465,openSUSE-SLE-15.3-2022-1465,openSUSE-SLE-15.4-2022-1465",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_1465-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2022:1465-1",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20221465-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2022:1465-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-April/010895.html"
},
{
"category": "self",
"summary": "SUSE Bug 1187364",
"url": "https://bugzilla.suse.com/1187364"
},
{
"category": "self",
"summary": "SUSE Bug 1187366",
"url": "https://bugzilla.suse.com/1187366"
},
{
"category": "self",
"summary": "SUSE Bug 1187367",
"url": "https://bugzilla.suse.com/1187367"
},
{
"category": "self",
"summary": "SUSE Bug 1198773",
"url": "https://bugzilla.suse.com/1198773"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3592 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3592/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3594 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3594/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3595 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3595/"
}
],
"title": "Security update for libslirp",
"tracking": {
"current_release_date": "2022-04-29T09:36:14Z",
"generator": {
"date": "2022-04-29T09:36:14Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2022:1465-1",
"initial_release_date": "2022-04-29T09:36:14Z",
"revision_history": [
{
"date": "2022-04-29T09:36:14Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libslirp-devel-4.3.1-150300.2.7.1.aarch64",
"product": {
"name": "libslirp-devel-4.3.1-150300.2.7.1.aarch64",
"product_id": "libslirp-devel-4.3.1-150300.2.7.1.aarch64"
}
},
{
"category": "product_version",
"name": "libslirp0-4.3.1-150300.2.7.1.aarch64",
"product": {
"name": "libslirp0-4.3.1-150300.2.7.1.aarch64",
"product_id": "libslirp0-4.3.1-150300.2.7.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libslirp-devel-4.3.1-150300.2.7.1.i586",
"product": {
"name": "libslirp-devel-4.3.1-150300.2.7.1.i586",
"product_id": "libslirp-devel-4.3.1-150300.2.7.1.i586"
}
},
{
"category": "product_version",
"name": "libslirp0-4.3.1-150300.2.7.1.i586",
"product": {
"name": "libslirp0-4.3.1-150300.2.7.1.i586",
"product_id": "libslirp0-4.3.1-150300.2.7.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "libslirp-devel-4.3.1-150300.2.7.1.ppc64le",
"product": {
"name": "libslirp-devel-4.3.1-150300.2.7.1.ppc64le",
"product_id": "libslirp-devel-4.3.1-150300.2.7.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libslirp0-4.3.1-150300.2.7.1.ppc64le",
"product": {
"name": "libslirp0-4.3.1-150300.2.7.1.ppc64le",
"product_id": "libslirp0-4.3.1-150300.2.7.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libslirp-devel-4.3.1-150300.2.7.1.s390x",
"product": {
"name": "libslirp-devel-4.3.1-150300.2.7.1.s390x",
"product_id": "libslirp-devel-4.3.1-150300.2.7.1.s390x"
}
},
{
"category": "product_version",
"name": "libslirp0-4.3.1-150300.2.7.1.s390x",
"product": {
"name": "libslirp0-4.3.1-150300.2.7.1.s390x",
"product_id": "libslirp0-4.3.1-150300.2.7.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libslirp-devel-4.3.1-150300.2.7.1.x86_64",
"product": {
"name": "libslirp-devel-4.3.1-150300.2.7.1.x86_64",
"product_id": "libslirp-devel-4.3.1-150300.2.7.1.x86_64"
}
},
{
"category": "product_version",
"name": "libslirp0-4.3.1-150300.2.7.1.x86_64",
"product": {
"name": "libslirp0-4.3.1-150300.2.7.1.x86_64",
"product_id": "libslirp0-4.3.1-150300.2.7.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Server Applications 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Module for Server Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-server-applications:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.1",
"product": {
"name": "SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.2",
"product": {
"name": "SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.2"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.3",
"product": {
"name": "openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.3"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.4",
"product": {
"name": "openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libslirp-devel-4.3.1-150300.2.7.1.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.2.7.1.aarch64"
},
"product_reference": "libslirp-devel-4.3.1-150300.2.7.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libslirp-devel-4.3.1-150300.2.7.1.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.2.7.1.ppc64le"
},
"product_reference": "libslirp-devel-4.3.1-150300.2.7.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libslirp-devel-4.3.1-150300.2.7.1.s390x as component of SUSE Linux Enterprise Module for Server Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.2.7.1.s390x"
},
"product_reference": "libslirp-devel-4.3.1-150300.2.7.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libslirp-devel-4.3.1-150300.2.7.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.2.7.1.x86_64"
},
"product_reference": "libslirp-devel-4.3.1-150300.2.7.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libslirp0-4.3.1-150300.2.7.1.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.2.7.1.aarch64"
},
"product_reference": "libslirp0-4.3.1-150300.2.7.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libslirp0-4.3.1-150300.2.7.1.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.2.7.1.ppc64le"
},
"product_reference": "libslirp0-4.3.1-150300.2.7.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libslirp0-4.3.1-150300.2.7.1.s390x as component of SUSE Linux Enterprise Module for Server Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.2.7.1.s390x"
},
"product_reference": "libslirp0-4.3.1-150300.2.7.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libslirp0-4.3.1-150300.2.7.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.2.7.1.x86_64"
},
"product_reference": "libslirp0-4.3.1-150300.2.7.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libslirp0-4.3.1-150300.2.7.1.aarch64 as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:libslirp0-4.3.1-150300.2.7.1.aarch64"
},
"product_reference": "libslirp0-4.3.1-150300.2.7.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libslirp0-4.3.1-150300.2.7.1.s390x as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:libslirp0-4.3.1-150300.2.7.1.s390x"
},
"product_reference": "libslirp0-4.3.1-150300.2.7.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libslirp0-4.3.1-150300.2.7.1.x86_64 as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:libslirp0-4.3.1-150300.2.7.1.x86_64"
},
"product_reference": "libslirp0-4.3.1-150300.2.7.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libslirp0-4.3.1-150300.2.7.1.aarch64 as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:libslirp0-4.3.1-150300.2.7.1.aarch64"
},
"product_reference": "libslirp0-4.3.1-150300.2.7.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libslirp0-4.3.1-150300.2.7.1.s390x as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:libslirp0-4.3.1-150300.2.7.1.s390x"
},
"product_reference": "libslirp0-4.3.1-150300.2.7.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libslirp0-4.3.1-150300.2.7.1.x86_64 as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:libslirp0-4.3.1-150300.2.7.1.x86_64"
},
"product_reference": "libslirp0-4.3.1-150300.2.7.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libslirp-devel-4.3.1-150300.2.7.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.2.7.1.aarch64"
},
"product_reference": "libslirp-devel-4.3.1-150300.2.7.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libslirp-devel-4.3.1-150300.2.7.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.2.7.1.ppc64le"
},
"product_reference": "libslirp-devel-4.3.1-150300.2.7.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libslirp-devel-4.3.1-150300.2.7.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.2.7.1.s390x"
},
"product_reference": "libslirp-devel-4.3.1-150300.2.7.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libslirp-devel-4.3.1-150300.2.7.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.2.7.1.x86_64"
},
"product_reference": "libslirp-devel-4.3.1-150300.2.7.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libslirp0-4.3.1-150300.2.7.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libslirp0-4.3.1-150300.2.7.1.aarch64"
},
"product_reference": "libslirp0-4.3.1-150300.2.7.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libslirp0-4.3.1-150300.2.7.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libslirp0-4.3.1-150300.2.7.1.ppc64le"
},
"product_reference": "libslirp0-4.3.1-150300.2.7.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libslirp0-4.3.1-150300.2.7.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libslirp0-4.3.1-150300.2.7.1.s390x"
},
"product_reference": "libslirp0-4.3.1-150300.2.7.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libslirp0-4.3.1-150300.2.7.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libslirp0-4.3.1-150300.2.7.1.x86_64"
},
"product_reference": "libslirp0-4.3.1-150300.2.7.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libslirp-devel-4.3.1-150300.2.7.1.aarch64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.2.7.1.aarch64"
},
"product_reference": "libslirp-devel-4.3.1-150300.2.7.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libslirp-devel-4.3.1-150300.2.7.1.ppc64le as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.2.7.1.ppc64le"
},
"product_reference": "libslirp-devel-4.3.1-150300.2.7.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libslirp-devel-4.3.1-150300.2.7.1.s390x as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.2.7.1.s390x"
},
"product_reference": "libslirp-devel-4.3.1-150300.2.7.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libslirp-devel-4.3.1-150300.2.7.1.x86_64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.2.7.1.x86_64"
},
"product_reference": "libslirp-devel-4.3.1-150300.2.7.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libslirp0-4.3.1-150300.2.7.1.aarch64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:libslirp0-4.3.1-150300.2.7.1.aarch64"
},
"product_reference": "libslirp0-4.3.1-150300.2.7.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libslirp0-4.3.1-150300.2.7.1.ppc64le as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:libslirp0-4.3.1-150300.2.7.1.ppc64le"
},
"product_reference": "libslirp0-4.3.1-150300.2.7.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libslirp0-4.3.1-150300.2.7.1.s390x as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:libslirp0-4.3.1-150300.2.7.1.s390x"
},
"product_reference": "libslirp0-4.3.1-150300.2.7.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libslirp0-4.3.1-150300.2.7.1.x86_64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:libslirp0-4.3.1-150300.2.7.1.x86_64"
},
"product_reference": "libslirp0-4.3.1-150300.2.7.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-3592",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3592"
}
],
"notes": [
{
"category": "general",
"text": "An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootp_input() function and could occur while processing a udp packet that is smaller than the size of the \u0027bootp_t\u0027 structure. A malicious guest could use this flaw to leak 10 bytes of uninitialized heap memory from the host. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:libslirp0-4.3.1-150300.2.7.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:libslirp0-4.3.1-150300.2.7.1.s390x",
"SUSE Linux Enterprise Micro 5.1:libslirp0-4.3.1-150300.2.7.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libslirp0-4.3.1-150300.2.7.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libslirp0-4.3.1-150300.2.7.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libslirp0-4.3.1-150300.2.7.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.2.7.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.2.7.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.2.7.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.2.7.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.2.7.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.2.7.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.2.7.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.2.7.1.x86_64",
"openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.2.7.1.aarch64",
"openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.2.7.1.ppc64le",
"openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.2.7.1.s390x",
"openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.2.7.1.x86_64",
"openSUSE Leap 15.3:libslirp0-4.3.1-150300.2.7.1.aarch64",
"openSUSE Leap 15.3:libslirp0-4.3.1-150300.2.7.1.ppc64le",
"openSUSE Leap 15.3:libslirp0-4.3.1-150300.2.7.1.s390x",
"openSUSE Leap 15.3:libslirp0-4.3.1-150300.2.7.1.x86_64",
"openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.2.7.1.aarch64",
"openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.2.7.1.ppc64le",
"openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.2.7.1.s390x",
"openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.2.7.1.x86_64",
"openSUSE Leap 15.4:libslirp0-4.3.1-150300.2.7.1.aarch64",
"openSUSE Leap 15.4:libslirp0-4.3.1-150300.2.7.1.ppc64le",
"openSUSE Leap 15.4:libslirp0-4.3.1-150300.2.7.1.s390x",
"openSUSE Leap 15.4:libslirp0-4.3.1-150300.2.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3592",
"url": "https://www.suse.com/security/cve/CVE-2021-3592"
},
{
"category": "external",
"summary": "SUSE Bug 1187364 for CVE-2021-3592",
"url": "https://bugzilla.suse.com/1187364"
},
{
"category": "external",
"summary": "SUSE Bug 1187369 for CVE-2021-3592",
"url": "https://bugzilla.suse.com/1187369"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:libslirp0-4.3.1-150300.2.7.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:libslirp0-4.3.1-150300.2.7.1.s390x",
"SUSE Linux Enterprise Micro 5.1:libslirp0-4.3.1-150300.2.7.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libslirp0-4.3.1-150300.2.7.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libslirp0-4.3.1-150300.2.7.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libslirp0-4.3.1-150300.2.7.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.2.7.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.2.7.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.2.7.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.2.7.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.2.7.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.2.7.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.2.7.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.2.7.1.x86_64",
"openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.2.7.1.aarch64",
"openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.2.7.1.ppc64le",
"openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.2.7.1.s390x",
"openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.2.7.1.x86_64",
"openSUSE Leap 15.3:libslirp0-4.3.1-150300.2.7.1.aarch64",
"openSUSE Leap 15.3:libslirp0-4.3.1-150300.2.7.1.ppc64le",
"openSUSE Leap 15.3:libslirp0-4.3.1-150300.2.7.1.s390x",
"openSUSE Leap 15.3:libslirp0-4.3.1-150300.2.7.1.x86_64",
"openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.2.7.1.aarch64",
"openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.2.7.1.ppc64le",
"openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.2.7.1.s390x",
"openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.2.7.1.x86_64",
"openSUSE Leap 15.4:libslirp0-4.3.1-150300.2.7.1.aarch64",
"openSUSE Leap 15.4:libslirp0-4.3.1-150300.2.7.1.ppc64le",
"openSUSE Leap 15.4:libslirp0-4.3.1-150300.2.7.1.s390x",
"openSUSE Leap 15.4:libslirp0-4.3.1-150300.2.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:libslirp0-4.3.1-150300.2.7.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:libslirp0-4.3.1-150300.2.7.1.s390x",
"SUSE Linux Enterprise Micro 5.1:libslirp0-4.3.1-150300.2.7.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libslirp0-4.3.1-150300.2.7.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libslirp0-4.3.1-150300.2.7.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libslirp0-4.3.1-150300.2.7.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.2.7.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.2.7.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.2.7.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.2.7.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.2.7.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.2.7.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.2.7.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.2.7.1.x86_64",
"openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.2.7.1.aarch64",
"openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.2.7.1.ppc64le",
"openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.2.7.1.s390x",
"openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.2.7.1.x86_64",
"openSUSE Leap 15.3:libslirp0-4.3.1-150300.2.7.1.aarch64",
"openSUSE Leap 15.3:libslirp0-4.3.1-150300.2.7.1.ppc64le",
"openSUSE Leap 15.3:libslirp0-4.3.1-150300.2.7.1.s390x",
"openSUSE Leap 15.3:libslirp0-4.3.1-150300.2.7.1.x86_64",
"openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.2.7.1.aarch64",
"openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.2.7.1.ppc64le",
"openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.2.7.1.s390x",
"openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.2.7.1.x86_64",
"openSUSE Leap 15.4:libslirp0-4.3.1-150300.2.7.1.aarch64",
"openSUSE Leap 15.4:libslirp0-4.3.1-150300.2.7.1.ppc64le",
"openSUSE Leap 15.4:libslirp0-4.3.1-150300.2.7.1.s390x",
"openSUSE Leap 15.4:libslirp0-4.3.1-150300.2.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-04-29T09:36:14Z",
"details": "low"
}
],
"title": "CVE-2021-3592"
},
{
"cve": "CVE-2021-3594",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3594"
}
],
"notes": [
{
"category": "general",
"text": "An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp_input() function and could occur while processing a udp packet that is smaller than the size of the \u0027udphdr\u0027 structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:libslirp0-4.3.1-150300.2.7.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:libslirp0-4.3.1-150300.2.7.1.s390x",
"SUSE Linux Enterprise Micro 5.1:libslirp0-4.3.1-150300.2.7.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libslirp0-4.3.1-150300.2.7.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libslirp0-4.3.1-150300.2.7.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libslirp0-4.3.1-150300.2.7.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.2.7.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.2.7.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.2.7.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.2.7.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.2.7.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.2.7.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.2.7.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.2.7.1.x86_64",
"openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.2.7.1.aarch64",
"openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.2.7.1.ppc64le",
"openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.2.7.1.s390x",
"openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.2.7.1.x86_64",
"openSUSE Leap 15.3:libslirp0-4.3.1-150300.2.7.1.aarch64",
"openSUSE Leap 15.3:libslirp0-4.3.1-150300.2.7.1.ppc64le",
"openSUSE Leap 15.3:libslirp0-4.3.1-150300.2.7.1.s390x",
"openSUSE Leap 15.3:libslirp0-4.3.1-150300.2.7.1.x86_64",
"openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.2.7.1.aarch64",
"openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.2.7.1.ppc64le",
"openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.2.7.1.s390x",
"openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.2.7.1.x86_64",
"openSUSE Leap 15.4:libslirp0-4.3.1-150300.2.7.1.aarch64",
"openSUSE Leap 15.4:libslirp0-4.3.1-150300.2.7.1.ppc64le",
"openSUSE Leap 15.4:libslirp0-4.3.1-150300.2.7.1.s390x",
"openSUSE Leap 15.4:libslirp0-4.3.1-150300.2.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3594",
"url": "https://www.suse.com/security/cve/CVE-2021-3594"
},
{
"category": "external",
"summary": "SUSE Bug 1187367 for CVE-2021-3594",
"url": "https://bugzilla.suse.com/1187367"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:libslirp0-4.3.1-150300.2.7.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:libslirp0-4.3.1-150300.2.7.1.s390x",
"SUSE Linux Enterprise Micro 5.1:libslirp0-4.3.1-150300.2.7.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libslirp0-4.3.1-150300.2.7.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libslirp0-4.3.1-150300.2.7.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libslirp0-4.3.1-150300.2.7.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.2.7.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.2.7.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.2.7.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.2.7.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.2.7.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.2.7.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.2.7.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.2.7.1.x86_64",
"openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.2.7.1.aarch64",
"openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.2.7.1.ppc64le",
"openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.2.7.1.s390x",
"openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.2.7.1.x86_64",
"openSUSE Leap 15.3:libslirp0-4.3.1-150300.2.7.1.aarch64",
"openSUSE Leap 15.3:libslirp0-4.3.1-150300.2.7.1.ppc64le",
"openSUSE Leap 15.3:libslirp0-4.3.1-150300.2.7.1.s390x",
"openSUSE Leap 15.3:libslirp0-4.3.1-150300.2.7.1.x86_64",
"openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.2.7.1.aarch64",
"openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.2.7.1.ppc64le",
"openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.2.7.1.s390x",
"openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.2.7.1.x86_64",
"openSUSE Leap 15.4:libslirp0-4.3.1-150300.2.7.1.aarch64",
"openSUSE Leap 15.4:libslirp0-4.3.1-150300.2.7.1.ppc64le",
"openSUSE Leap 15.4:libslirp0-4.3.1-150300.2.7.1.s390x",
"openSUSE Leap 15.4:libslirp0-4.3.1-150300.2.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:libslirp0-4.3.1-150300.2.7.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:libslirp0-4.3.1-150300.2.7.1.s390x",
"SUSE Linux Enterprise Micro 5.1:libslirp0-4.3.1-150300.2.7.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libslirp0-4.3.1-150300.2.7.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libslirp0-4.3.1-150300.2.7.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libslirp0-4.3.1-150300.2.7.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.2.7.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.2.7.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.2.7.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.2.7.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.2.7.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.2.7.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.2.7.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.2.7.1.x86_64",
"openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.2.7.1.aarch64",
"openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.2.7.1.ppc64le",
"openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.2.7.1.s390x",
"openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.2.7.1.x86_64",
"openSUSE Leap 15.3:libslirp0-4.3.1-150300.2.7.1.aarch64",
"openSUSE Leap 15.3:libslirp0-4.3.1-150300.2.7.1.ppc64le",
"openSUSE Leap 15.3:libslirp0-4.3.1-150300.2.7.1.s390x",
"openSUSE Leap 15.3:libslirp0-4.3.1-150300.2.7.1.x86_64",
"openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.2.7.1.aarch64",
"openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.2.7.1.ppc64le",
"openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.2.7.1.s390x",
"openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.2.7.1.x86_64",
"openSUSE Leap 15.4:libslirp0-4.3.1-150300.2.7.1.aarch64",
"openSUSE Leap 15.4:libslirp0-4.3.1-150300.2.7.1.ppc64le",
"openSUSE Leap 15.4:libslirp0-4.3.1-150300.2.7.1.s390x",
"openSUSE Leap 15.4:libslirp0-4.3.1-150300.2.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-04-29T09:36:14Z",
"details": "low"
}
],
"title": "CVE-2021-3594"
},
{
"cve": "CVE-2021-3595",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3595"
}
],
"notes": [
{
"category": "general",
"text": "An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the tftp_input() function and could occur while processing a udp packet that is smaller than the size of the \u0027tftp_t\u0027 structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:libslirp0-4.3.1-150300.2.7.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:libslirp0-4.3.1-150300.2.7.1.s390x",
"SUSE Linux Enterprise Micro 5.1:libslirp0-4.3.1-150300.2.7.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libslirp0-4.3.1-150300.2.7.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libslirp0-4.3.1-150300.2.7.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libslirp0-4.3.1-150300.2.7.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.2.7.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.2.7.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.2.7.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.2.7.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.2.7.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.2.7.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.2.7.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.2.7.1.x86_64",
"openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.2.7.1.aarch64",
"openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.2.7.1.ppc64le",
"openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.2.7.1.s390x",
"openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.2.7.1.x86_64",
"openSUSE Leap 15.3:libslirp0-4.3.1-150300.2.7.1.aarch64",
"openSUSE Leap 15.3:libslirp0-4.3.1-150300.2.7.1.ppc64le",
"openSUSE Leap 15.3:libslirp0-4.3.1-150300.2.7.1.s390x",
"openSUSE Leap 15.3:libslirp0-4.3.1-150300.2.7.1.x86_64",
"openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.2.7.1.aarch64",
"openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.2.7.1.ppc64le",
"openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.2.7.1.s390x",
"openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.2.7.1.x86_64",
"openSUSE Leap 15.4:libslirp0-4.3.1-150300.2.7.1.aarch64",
"openSUSE Leap 15.4:libslirp0-4.3.1-150300.2.7.1.ppc64le",
"openSUSE Leap 15.4:libslirp0-4.3.1-150300.2.7.1.s390x",
"openSUSE Leap 15.4:libslirp0-4.3.1-150300.2.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3595",
"url": "https://www.suse.com/security/cve/CVE-2021-3595"
},
{
"category": "external",
"summary": "SUSE Bug 1187366 for CVE-2021-3595",
"url": "https://bugzilla.suse.com/1187366"
},
{
"category": "external",
"summary": "SUSE Bug 1187376 for CVE-2021-3595",
"url": "https://bugzilla.suse.com/1187376"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:libslirp0-4.3.1-150300.2.7.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:libslirp0-4.3.1-150300.2.7.1.s390x",
"SUSE Linux Enterprise Micro 5.1:libslirp0-4.3.1-150300.2.7.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libslirp0-4.3.1-150300.2.7.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libslirp0-4.3.1-150300.2.7.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libslirp0-4.3.1-150300.2.7.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.2.7.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.2.7.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.2.7.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.2.7.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.2.7.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.2.7.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.2.7.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.2.7.1.x86_64",
"openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.2.7.1.aarch64",
"openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.2.7.1.ppc64le",
"openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.2.7.1.s390x",
"openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.2.7.1.x86_64",
"openSUSE Leap 15.3:libslirp0-4.3.1-150300.2.7.1.aarch64",
"openSUSE Leap 15.3:libslirp0-4.3.1-150300.2.7.1.ppc64le",
"openSUSE Leap 15.3:libslirp0-4.3.1-150300.2.7.1.s390x",
"openSUSE Leap 15.3:libslirp0-4.3.1-150300.2.7.1.x86_64",
"openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.2.7.1.aarch64",
"openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.2.7.1.ppc64le",
"openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.2.7.1.s390x",
"openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.2.7.1.x86_64",
"openSUSE Leap 15.4:libslirp0-4.3.1-150300.2.7.1.aarch64",
"openSUSE Leap 15.4:libslirp0-4.3.1-150300.2.7.1.ppc64le",
"openSUSE Leap 15.4:libslirp0-4.3.1-150300.2.7.1.s390x",
"openSUSE Leap 15.4:libslirp0-4.3.1-150300.2.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:libslirp0-4.3.1-150300.2.7.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:libslirp0-4.3.1-150300.2.7.1.s390x",
"SUSE Linux Enterprise Micro 5.1:libslirp0-4.3.1-150300.2.7.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libslirp0-4.3.1-150300.2.7.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libslirp0-4.3.1-150300.2.7.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libslirp0-4.3.1-150300.2.7.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.2.7.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.2.7.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.2.7.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.2.7.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.2.7.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.2.7.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.2.7.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.2.7.1.x86_64",
"openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.2.7.1.aarch64",
"openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.2.7.1.ppc64le",
"openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.2.7.1.s390x",
"openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.2.7.1.x86_64",
"openSUSE Leap 15.3:libslirp0-4.3.1-150300.2.7.1.aarch64",
"openSUSE Leap 15.3:libslirp0-4.3.1-150300.2.7.1.ppc64le",
"openSUSE Leap 15.3:libslirp0-4.3.1-150300.2.7.1.s390x",
"openSUSE Leap 15.3:libslirp0-4.3.1-150300.2.7.1.x86_64",
"openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.2.7.1.aarch64",
"openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.2.7.1.ppc64le",
"openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.2.7.1.s390x",
"openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.2.7.1.x86_64",
"openSUSE Leap 15.4:libslirp0-4.3.1-150300.2.7.1.aarch64",
"openSUSE Leap 15.4:libslirp0-4.3.1-150300.2.7.1.ppc64le",
"openSUSE Leap 15.4:libslirp0-4.3.1-150300.2.7.1.s390x",
"openSUSE Leap 15.4:libslirp0-4.3.1-150300.2.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-04-29T09:36:14Z",
"details": "low"
}
],
"title": "CVE-2021-3595"
}
]
}
SUSE-SU-2022:1730-1
Vulnerability from csaf_suse - Published: 2022-05-18 14:56 - Updated: 2022-05-18 14:56Summary
Security update for libslirp
Severity
Important
Notes
Title of the patch: Security update for libslirp
Description of the patch: This update for libslirp fixes the following issues:
- CVE-2021-3592: Fixed invalid pointer initialization may lead to information disclosure (bootp) (bsc#1187364).
- CVE-2021-3594: Fixed invalid pointer initialization may lead to information disclosure (udp) (bsc#1187367).
- CVE-2021-3595: Fixed invalid pointer initialization may lead to information disclosure (tftp) (bsc#1187366).
- Fix a dhcp regression [bsc#1198773]
Patchnames: SUSE-2022-1730,SUSE-SLE-Module-Server-Applications-15-SP3-2022-1730,SUSE-SLE-Module-Server-Applications-15-SP4-2022-1730,SUSE-SUSE-MicroOS-5.1-2022-1730,SUSE-SUSE-MicroOS-5.2-2022-1730,openSUSE-SLE-15.3-2022-1730,openSUSE-SLE-15.4-2022-1730
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
38 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:libslirp0-4.3.1-150300.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:libslirp0-4.3.1-150300.6.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:libslirp0-4.3.1-150300.6.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:libslirp0-4.3.1-150300.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:libslirp0-4.3.1-150300.6.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:libslirp0-4.3.1-150300.6.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.6.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.6.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.6.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.6.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.6.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.6.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp-devel-4.3.1-150300.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp-devel-4.3.1-150300.6.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp-devel-4.3.1-150300.6.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp-devel-4.3.1-150300.6.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp0-4.3.1-150300.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp0-4.3.1-150300.6.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp0-4.3.1-150300.6.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp0-4.3.1-150300.6.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.6.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.6.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.6.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libslirp0-4.3.1-150300.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libslirp0-4.3.1-150300.6.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libslirp0-4.3.1-150300.6.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libslirp0-4.3.1-150300.6.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.6.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.6.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.6.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:libslirp0-4.3.1-150300.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:libslirp0-4.3.1-150300.6.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:libslirp0-4.3.1-150300.6.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:libslirp0-4.3.1-150300.6.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
Affected products
Recommended
38 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:libslirp0-4.3.1-150300.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:libslirp0-4.3.1-150300.6.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:libslirp0-4.3.1-150300.6.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:libslirp0-4.3.1-150300.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:libslirp0-4.3.1-150300.6.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:libslirp0-4.3.1-150300.6.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.6.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.6.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.6.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.6.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.6.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.6.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp-devel-4.3.1-150300.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp-devel-4.3.1-150300.6.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp-devel-4.3.1-150300.6.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp-devel-4.3.1-150300.6.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp0-4.3.1-150300.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp0-4.3.1-150300.6.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp0-4.3.1-150300.6.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp0-4.3.1-150300.6.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.6.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.6.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.6.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libslirp0-4.3.1-150300.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libslirp0-4.3.1-150300.6.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libslirp0-4.3.1-150300.6.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libslirp0-4.3.1-150300.6.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.6.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.6.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.6.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:libslirp0-4.3.1-150300.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:libslirp0-4.3.1-150300.6.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:libslirp0-4.3.1-150300.6.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:libslirp0-4.3.1-150300.6.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
Affected products
Recommended
38 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:libslirp0-4.3.1-150300.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:libslirp0-4.3.1-150300.6.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:libslirp0-4.3.1-150300.6.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:libslirp0-4.3.1-150300.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:libslirp0-4.3.1-150300.6.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:libslirp0-4.3.1-150300.6.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.6.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.6.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.6.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.6.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.6.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.6.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp-devel-4.3.1-150300.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp-devel-4.3.1-150300.6.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp-devel-4.3.1-150300.6.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp-devel-4.3.1-150300.6.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp0-4.3.1-150300.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp0-4.3.1-150300.6.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp0-4.3.1-150300.6.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp0-4.3.1-150300.6.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.6.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.6.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.6.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libslirp0-4.3.1-150300.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libslirp0-4.3.1-150300.6.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libslirp0-4.3.1-150300.6.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libslirp0-4.3.1-150300.6.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.6.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.6.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.6.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:libslirp0-4.3.1-150300.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:libslirp0-4.3.1-150300.6.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:libslirp0-4.3.1-150300.6.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:libslirp0-4.3.1-150300.6.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
References
19 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for libslirp",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for libslirp fixes the following issues:\n\n- CVE-2021-3592: Fixed invalid pointer initialization may lead to information disclosure (bootp) (bsc#1187364).\n- CVE-2021-3594: Fixed invalid pointer initialization may lead to information disclosure (udp) (bsc#1187367).\n- CVE-2021-3595: Fixed invalid pointer initialization may lead to information disclosure (tftp) (bsc#1187366).\n- Fix a dhcp regression [bsc#1198773]\n ",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2022-1730,SUSE-SLE-Module-Server-Applications-15-SP3-2022-1730,SUSE-SLE-Module-Server-Applications-15-SP4-2022-1730,SUSE-SUSE-MicroOS-5.1-2022-1730,SUSE-SUSE-MicroOS-5.2-2022-1730,openSUSE-SLE-15.3-2022-1730,openSUSE-SLE-15.4-2022-1730",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_1730-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2022:1730-1",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20221730-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2022:1730-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-May/011076.html"
},
{
"category": "self",
"summary": "SUSE Bug 1187364",
"url": "https://bugzilla.suse.com/1187364"
},
{
"category": "self",
"summary": "SUSE Bug 1187366",
"url": "https://bugzilla.suse.com/1187366"
},
{
"category": "self",
"summary": "SUSE Bug 1187367",
"url": "https://bugzilla.suse.com/1187367"
},
{
"category": "self",
"summary": "SUSE Bug 1198773",
"url": "https://bugzilla.suse.com/1198773"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3592 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3592/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3594 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3594/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3595 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3595/"
}
],
"title": "Security update for libslirp",
"tracking": {
"current_release_date": "2022-05-18T14:56:39Z",
"generator": {
"date": "2022-05-18T14:56:39Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2022:1730-1",
"initial_release_date": "2022-05-18T14:56:39Z",
"revision_history": [
{
"date": "2022-05-18T14:56:39Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libslirp-devel-4.3.1-150300.6.2.aarch64",
"product": {
"name": "libslirp-devel-4.3.1-150300.6.2.aarch64",
"product_id": "libslirp-devel-4.3.1-150300.6.2.aarch64"
}
},
{
"category": "product_version",
"name": "libslirp0-4.3.1-150300.6.2.aarch64",
"product": {
"name": "libslirp0-4.3.1-150300.6.2.aarch64",
"product_id": "libslirp0-4.3.1-150300.6.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libslirp-devel-4.3.1-150300.6.2.i586",
"product": {
"name": "libslirp-devel-4.3.1-150300.6.2.i586",
"product_id": "libslirp-devel-4.3.1-150300.6.2.i586"
}
},
{
"category": "product_version",
"name": "libslirp0-4.3.1-150300.6.2.i586",
"product": {
"name": "libslirp0-4.3.1-150300.6.2.i586",
"product_id": "libslirp0-4.3.1-150300.6.2.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "libslirp-devel-4.3.1-150300.6.2.ppc64le",
"product": {
"name": "libslirp-devel-4.3.1-150300.6.2.ppc64le",
"product_id": "libslirp-devel-4.3.1-150300.6.2.ppc64le"
}
},
{
"category": "product_version",
"name": "libslirp0-4.3.1-150300.6.2.ppc64le",
"product": {
"name": "libslirp0-4.3.1-150300.6.2.ppc64le",
"product_id": "libslirp0-4.3.1-150300.6.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libslirp-devel-4.3.1-150300.6.2.s390x",
"product": {
"name": "libslirp-devel-4.3.1-150300.6.2.s390x",
"product_id": "libslirp-devel-4.3.1-150300.6.2.s390x"
}
},
{
"category": "product_version",
"name": "libslirp0-4.3.1-150300.6.2.s390x",
"product": {
"name": "libslirp0-4.3.1-150300.6.2.s390x",
"product_id": "libslirp0-4.3.1-150300.6.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libslirp-devel-4.3.1-150300.6.2.x86_64",
"product": {
"name": "libslirp-devel-4.3.1-150300.6.2.x86_64",
"product_id": "libslirp-devel-4.3.1-150300.6.2.x86_64"
}
},
{
"category": "product_version",
"name": "libslirp0-4.3.1-150300.6.2.x86_64",
"product": {
"name": "libslirp0-4.3.1-150300.6.2.x86_64",
"product_id": "libslirp0-4.3.1-150300.6.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Server Applications 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Module for Server Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-server-applications:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Server Applications 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Module for Server Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-server-applications:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.1",
"product": {
"name": "SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.2",
"product": {
"name": "SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.2"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.3",
"product": {
"name": "openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.3"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.4",
"product": {
"name": "openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libslirp-devel-4.3.1-150300.6.2.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.6.2.aarch64"
},
"product_reference": "libslirp-devel-4.3.1-150300.6.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libslirp-devel-4.3.1-150300.6.2.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.6.2.ppc64le"
},
"product_reference": "libslirp-devel-4.3.1-150300.6.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libslirp-devel-4.3.1-150300.6.2.s390x as component of SUSE Linux Enterprise Module for Server Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.6.2.s390x"
},
"product_reference": "libslirp-devel-4.3.1-150300.6.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libslirp-devel-4.3.1-150300.6.2.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.6.2.x86_64"
},
"product_reference": "libslirp-devel-4.3.1-150300.6.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libslirp0-4.3.1-150300.6.2.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.6.2.aarch64"
},
"product_reference": "libslirp0-4.3.1-150300.6.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libslirp0-4.3.1-150300.6.2.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.6.2.ppc64le"
},
"product_reference": "libslirp0-4.3.1-150300.6.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libslirp0-4.3.1-150300.6.2.s390x as component of SUSE Linux Enterprise Module for Server Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.6.2.s390x"
},
"product_reference": "libslirp0-4.3.1-150300.6.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libslirp0-4.3.1-150300.6.2.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.6.2.x86_64"
},
"product_reference": "libslirp0-4.3.1-150300.6.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libslirp-devel-4.3.1-150300.6.2.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp-devel-4.3.1-150300.6.2.aarch64"
},
"product_reference": "libslirp-devel-4.3.1-150300.6.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libslirp-devel-4.3.1-150300.6.2.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp-devel-4.3.1-150300.6.2.ppc64le"
},
"product_reference": "libslirp-devel-4.3.1-150300.6.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libslirp-devel-4.3.1-150300.6.2.s390x as component of SUSE Linux Enterprise Module for Server Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp-devel-4.3.1-150300.6.2.s390x"
},
"product_reference": "libslirp-devel-4.3.1-150300.6.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libslirp-devel-4.3.1-150300.6.2.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp-devel-4.3.1-150300.6.2.x86_64"
},
"product_reference": "libslirp-devel-4.3.1-150300.6.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libslirp0-4.3.1-150300.6.2.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp0-4.3.1-150300.6.2.aarch64"
},
"product_reference": "libslirp0-4.3.1-150300.6.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libslirp0-4.3.1-150300.6.2.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp0-4.3.1-150300.6.2.ppc64le"
},
"product_reference": "libslirp0-4.3.1-150300.6.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libslirp0-4.3.1-150300.6.2.s390x as component of SUSE Linux Enterprise Module for Server Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp0-4.3.1-150300.6.2.s390x"
},
"product_reference": "libslirp0-4.3.1-150300.6.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libslirp0-4.3.1-150300.6.2.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp0-4.3.1-150300.6.2.x86_64"
},
"product_reference": "libslirp0-4.3.1-150300.6.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libslirp0-4.3.1-150300.6.2.aarch64 as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:libslirp0-4.3.1-150300.6.2.aarch64"
},
"product_reference": "libslirp0-4.3.1-150300.6.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libslirp0-4.3.1-150300.6.2.s390x as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:libslirp0-4.3.1-150300.6.2.s390x"
},
"product_reference": "libslirp0-4.3.1-150300.6.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libslirp0-4.3.1-150300.6.2.x86_64 as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:libslirp0-4.3.1-150300.6.2.x86_64"
},
"product_reference": "libslirp0-4.3.1-150300.6.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libslirp0-4.3.1-150300.6.2.aarch64 as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:libslirp0-4.3.1-150300.6.2.aarch64"
},
"product_reference": "libslirp0-4.3.1-150300.6.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libslirp0-4.3.1-150300.6.2.s390x as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:libslirp0-4.3.1-150300.6.2.s390x"
},
"product_reference": "libslirp0-4.3.1-150300.6.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libslirp0-4.3.1-150300.6.2.x86_64 as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:libslirp0-4.3.1-150300.6.2.x86_64"
},
"product_reference": "libslirp0-4.3.1-150300.6.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libslirp-devel-4.3.1-150300.6.2.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.6.2.aarch64"
},
"product_reference": "libslirp-devel-4.3.1-150300.6.2.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libslirp-devel-4.3.1-150300.6.2.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.6.2.ppc64le"
},
"product_reference": "libslirp-devel-4.3.1-150300.6.2.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libslirp-devel-4.3.1-150300.6.2.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.6.2.s390x"
},
"product_reference": "libslirp-devel-4.3.1-150300.6.2.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libslirp-devel-4.3.1-150300.6.2.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.6.2.x86_64"
},
"product_reference": "libslirp-devel-4.3.1-150300.6.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libslirp0-4.3.1-150300.6.2.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libslirp0-4.3.1-150300.6.2.aarch64"
},
"product_reference": "libslirp0-4.3.1-150300.6.2.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libslirp0-4.3.1-150300.6.2.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libslirp0-4.3.1-150300.6.2.ppc64le"
},
"product_reference": "libslirp0-4.3.1-150300.6.2.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libslirp0-4.3.1-150300.6.2.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libslirp0-4.3.1-150300.6.2.s390x"
},
"product_reference": "libslirp0-4.3.1-150300.6.2.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libslirp0-4.3.1-150300.6.2.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libslirp0-4.3.1-150300.6.2.x86_64"
},
"product_reference": "libslirp0-4.3.1-150300.6.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libslirp-devel-4.3.1-150300.6.2.aarch64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.6.2.aarch64"
},
"product_reference": "libslirp-devel-4.3.1-150300.6.2.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libslirp-devel-4.3.1-150300.6.2.ppc64le as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.6.2.ppc64le"
},
"product_reference": "libslirp-devel-4.3.1-150300.6.2.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libslirp-devel-4.3.1-150300.6.2.s390x as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.6.2.s390x"
},
"product_reference": "libslirp-devel-4.3.1-150300.6.2.s390x",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libslirp-devel-4.3.1-150300.6.2.x86_64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.6.2.x86_64"
},
"product_reference": "libslirp-devel-4.3.1-150300.6.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libslirp0-4.3.1-150300.6.2.aarch64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:libslirp0-4.3.1-150300.6.2.aarch64"
},
"product_reference": "libslirp0-4.3.1-150300.6.2.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libslirp0-4.3.1-150300.6.2.ppc64le as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:libslirp0-4.3.1-150300.6.2.ppc64le"
},
"product_reference": "libslirp0-4.3.1-150300.6.2.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libslirp0-4.3.1-150300.6.2.s390x as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:libslirp0-4.3.1-150300.6.2.s390x"
},
"product_reference": "libslirp0-4.3.1-150300.6.2.s390x",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libslirp0-4.3.1-150300.6.2.x86_64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:libslirp0-4.3.1-150300.6.2.x86_64"
},
"product_reference": "libslirp0-4.3.1-150300.6.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-3592",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3592"
}
],
"notes": [
{
"category": "general",
"text": "An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootp_input() function and could occur while processing a udp packet that is smaller than the size of the \u0027bootp_t\u0027 structure. A malicious guest could use this flaw to leak 10 bytes of uninitialized heap memory from the host. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:libslirp0-4.3.1-150300.6.2.aarch64",
"SUSE Linux Enterprise Micro 5.1:libslirp0-4.3.1-150300.6.2.s390x",
"SUSE Linux Enterprise Micro 5.1:libslirp0-4.3.1-150300.6.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:libslirp0-4.3.1-150300.6.2.aarch64",
"SUSE Linux Enterprise Micro 5.2:libslirp0-4.3.1-150300.6.2.s390x",
"SUSE Linux Enterprise Micro 5.2:libslirp0-4.3.1-150300.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp-devel-4.3.1-150300.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp-devel-4.3.1-150300.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp-devel-4.3.1-150300.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp-devel-4.3.1-150300.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp0-4.3.1-150300.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp0-4.3.1-150300.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp0-4.3.1-150300.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp0-4.3.1-150300.6.2.x86_64",
"openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.6.2.aarch64",
"openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.6.2.ppc64le",
"openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.6.2.s390x",
"openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.6.2.x86_64",
"openSUSE Leap 15.3:libslirp0-4.3.1-150300.6.2.aarch64",
"openSUSE Leap 15.3:libslirp0-4.3.1-150300.6.2.ppc64le",
"openSUSE Leap 15.3:libslirp0-4.3.1-150300.6.2.s390x",
"openSUSE Leap 15.3:libslirp0-4.3.1-150300.6.2.x86_64",
"openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.6.2.aarch64",
"openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.6.2.ppc64le",
"openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.6.2.s390x",
"openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.6.2.x86_64",
"openSUSE Leap 15.4:libslirp0-4.3.1-150300.6.2.aarch64",
"openSUSE Leap 15.4:libslirp0-4.3.1-150300.6.2.ppc64le",
"openSUSE Leap 15.4:libslirp0-4.3.1-150300.6.2.s390x",
"openSUSE Leap 15.4:libslirp0-4.3.1-150300.6.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3592",
"url": "https://www.suse.com/security/cve/CVE-2021-3592"
},
{
"category": "external",
"summary": "SUSE Bug 1187364 for CVE-2021-3592",
"url": "https://bugzilla.suse.com/1187364"
},
{
"category": "external",
"summary": "SUSE Bug 1187369 for CVE-2021-3592",
"url": "https://bugzilla.suse.com/1187369"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:libslirp0-4.3.1-150300.6.2.aarch64",
"SUSE Linux Enterprise Micro 5.1:libslirp0-4.3.1-150300.6.2.s390x",
"SUSE Linux Enterprise Micro 5.1:libslirp0-4.3.1-150300.6.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:libslirp0-4.3.1-150300.6.2.aarch64",
"SUSE Linux Enterprise Micro 5.2:libslirp0-4.3.1-150300.6.2.s390x",
"SUSE Linux Enterprise Micro 5.2:libslirp0-4.3.1-150300.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp-devel-4.3.1-150300.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp-devel-4.3.1-150300.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp-devel-4.3.1-150300.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp-devel-4.3.1-150300.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp0-4.3.1-150300.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp0-4.3.1-150300.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp0-4.3.1-150300.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp0-4.3.1-150300.6.2.x86_64",
"openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.6.2.aarch64",
"openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.6.2.ppc64le",
"openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.6.2.s390x",
"openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.6.2.x86_64",
"openSUSE Leap 15.3:libslirp0-4.3.1-150300.6.2.aarch64",
"openSUSE Leap 15.3:libslirp0-4.3.1-150300.6.2.ppc64le",
"openSUSE Leap 15.3:libslirp0-4.3.1-150300.6.2.s390x",
"openSUSE Leap 15.3:libslirp0-4.3.1-150300.6.2.x86_64",
"openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.6.2.aarch64",
"openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.6.2.ppc64le",
"openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.6.2.s390x",
"openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.6.2.x86_64",
"openSUSE Leap 15.4:libslirp0-4.3.1-150300.6.2.aarch64",
"openSUSE Leap 15.4:libslirp0-4.3.1-150300.6.2.ppc64le",
"openSUSE Leap 15.4:libslirp0-4.3.1-150300.6.2.s390x",
"openSUSE Leap 15.4:libslirp0-4.3.1-150300.6.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:libslirp0-4.3.1-150300.6.2.aarch64",
"SUSE Linux Enterprise Micro 5.1:libslirp0-4.3.1-150300.6.2.s390x",
"SUSE Linux Enterprise Micro 5.1:libslirp0-4.3.1-150300.6.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:libslirp0-4.3.1-150300.6.2.aarch64",
"SUSE Linux Enterprise Micro 5.2:libslirp0-4.3.1-150300.6.2.s390x",
"SUSE Linux Enterprise Micro 5.2:libslirp0-4.3.1-150300.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp-devel-4.3.1-150300.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp-devel-4.3.1-150300.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp-devel-4.3.1-150300.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp-devel-4.3.1-150300.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp0-4.3.1-150300.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp0-4.3.1-150300.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp0-4.3.1-150300.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp0-4.3.1-150300.6.2.x86_64",
"openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.6.2.aarch64",
"openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.6.2.ppc64le",
"openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.6.2.s390x",
"openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.6.2.x86_64",
"openSUSE Leap 15.3:libslirp0-4.3.1-150300.6.2.aarch64",
"openSUSE Leap 15.3:libslirp0-4.3.1-150300.6.2.ppc64le",
"openSUSE Leap 15.3:libslirp0-4.3.1-150300.6.2.s390x",
"openSUSE Leap 15.3:libslirp0-4.3.1-150300.6.2.x86_64",
"openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.6.2.aarch64",
"openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.6.2.ppc64le",
"openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.6.2.s390x",
"openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.6.2.x86_64",
"openSUSE Leap 15.4:libslirp0-4.3.1-150300.6.2.aarch64",
"openSUSE Leap 15.4:libslirp0-4.3.1-150300.6.2.ppc64le",
"openSUSE Leap 15.4:libslirp0-4.3.1-150300.6.2.s390x",
"openSUSE Leap 15.4:libslirp0-4.3.1-150300.6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-05-18T14:56:39Z",
"details": "low"
}
],
"title": "CVE-2021-3592"
},
{
"cve": "CVE-2021-3594",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3594"
}
],
"notes": [
{
"category": "general",
"text": "An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp_input() function and could occur while processing a udp packet that is smaller than the size of the \u0027udphdr\u0027 structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:libslirp0-4.3.1-150300.6.2.aarch64",
"SUSE Linux Enterprise Micro 5.1:libslirp0-4.3.1-150300.6.2.s390x",
"SUSE Linux Enterprise Micro 5.1:libslirp0-4.3.1-150300.6.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:libslirp0-4.3.1-150300.6.2.aarch64",
"SUSE Linux Enterprise Micro 5.2:libslirp0-4.3.1-150300.6.2.s390x",
"SUSE Linux Enterprise Micro 5.2:libslirp0-4.3.1-150300.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp-devel-4.3.1-150300.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp-devel-4.3.1-150300.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp-devel-4.3.1-150300.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp-devel-4.3.1-150300.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp0-4.3.1-150300.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp0-4.3.1-150300.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp0-4.3.1-150300.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp0-4.3.1-150300.6.2.x86_64",
"openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.6.2.aarch64",
"openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.6.2.ppc64le",
"openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.6.2.s390x",
"openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.6.2.x86_64",
"openSUSE Leap 15.3:libslirp0-4.3.1-150300.6.2.aarch64",
"openSUSE Leap 15.3:libslirp0-4.3.1-150300.6.2.ppc64le",
"openSUSE Leap 15.3:libslirp0-4.3.1-150300.6.2.s390x",
"openSUSE Leap 15.3:libslirp0-4.3.1-150300.6.2.x86_64",
"openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.6.2.aarch64",
"openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.6.2.ppc64le",
"openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.6.2.s390x",
"openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.6.2.x86_64",
"openSUSE Leap 15.4:libslirp0-4.3.1-150300.6.2.aarch64",
"openSUSE Leap 15.4:libslirp0-4.3.1-150300.6.2.ppc64le",
"openSUSE Leap 15.4:libslirp0-4.3.1-150300.6.2.s390x",
"openSUSE Leap 15.4:libslirp0-4.3.1-150300.6.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3594",
"url": "https://www.suse.com/security/cve/CVE-2021-3594"
},
{
"category": "external",
"summary": "SUSE Bug 1187367 for CVE-2021-3594",
"url": "https://bugzilla.suse.com/1187367"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:libslirp0-4.3.1-150300.6.2.aarch64",
"SUSE Linux Enterprise Micro 5.1:libslirp0-4.3.1-150300.6.2.s390x",
"SUSE Linux Enterprise Micro 5.1:libslirp0-4.3.1-150300.6.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:libslirp0-4.3.1-150300.6.2.aarch64",
"SUSE Linux Enterprise Micro 5.2:libslirp0-4.3.1-150300.6.2.s390x",
"SUSE Linux Enterprise Micro 5.2:libslirp0-4.3.1-150300.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp-devel-4.3.1-150300.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp-devel-4.3.1-150300.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp-devel-4.3.1-150300.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp-devel-4.3.1-150300.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp0-4.3.1-150300.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp0-4.3.1-150300.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp0-4.3.1-150300.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp0-4.3.1-150300.6.2.x86_64",
"openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.6.2.aarch64",
"openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.6.2.ppc64le",
"openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.6.2.s390x",
"openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.6.2.x86_64",
"openSUSE Leap 15.3:libslirp0-4.3.1-150300.6.2.aarch64",
"openSUSE Leap 15.3:libslirp0-4.3.1-150300.6.2.ppc64le",
"openSUSE Leap 15.3:libslirp0-4.3.1-150300.6.2.s390x",
"openSUSE Leap 15.3:libslirp0-4.3.1-150300.6.2.x86_64",
"openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.6.2.aarch64",
"openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.6.2.ppc64le",
"openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.6.2.s390x",
"openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.6.2.x86_64",
"openSUSE Leap 15.4:libslirp0-4.3.1-150300.6.2.aarch64",
"openSUSE Leap 15.4:libslirp0-4.3.1-150300.6.2.ppc64le",
"openSUSE Leap 15.4:libslirp0-4.3.1-150300.6.2.s390x",
"openSUSE Leap 15.4:libslirp0-4.3.1-150300.6.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:libslirp0-4.3.1-150300.6.2.aarch64",
"SUSE Linux Enterprise Micro 5.1:libslirp0-4.3.1-150300.6.2.s390x",
"SUSE Linux Enterprise Micro 5.1:libslirp0-4.3.1-150300.6.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:libslirp0-4.3.1-150300.6.2.aarch64",
"SUSE Linux Enterprise Micro 5.2:libslirp0-4.3.1-150300.6.2.s390x",
"SUSE Linux Enterprise Micro 5.2:libslirp0-4.3.1-150300.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp-devel-4.3.1-150300.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp-devel-4.3.1-150300.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp-devel-4.3.1-150300.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp-devel-4.3.1-150300.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp0-4.3.1-150300.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp0-4.3.1-150300.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp0-4.3.1-150300.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp0-4.3.1-150300.6.2.x86_64",
"openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.6.2.aarch64",
"openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.6.2.ppc64le",
"openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.6.2.s390x",
"openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.6.2.x86_64",
"openSUSE Leap 15.3:libslirp0-4.3.1-150300.6.2.aarch64",
"openSUSE Leap 15.3:libslirp0-4.3.1-150300.6.2.ppc64le",
"openSUSE Leap 15.3:libslirp0-4.3.1-150300.6.2.s390x",
"openSUSE Leap 15.3:libslirp0-4.3.1-150300.6.2.x86_64",
"openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.6.2.aarch64",
"openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.6.2.ppc64le",
"openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.6.2.s390x",
"openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.6.2.x86_64",
"openSUSE Leap 15.4:libslirp0-4.3.1-150300.6.2.aarch64",
"openSUSE Leap 15.4:libslirp0-4.3.1-150300.6.2.ppc64le",
"openSUSE Leap 15.4:libslirp0-4.3.1-150300.6.2.s390x",
"openSUSE Leap 15.4:libslirp0-4.3.1-150300.6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-05-18T14:56:39Z",
"details": "low"
}
],
"title": "CVE-2021-3594"
},
{
"cve": "CVE-2021-3595",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3595"
}
],
"notes": [
{
"category": "general",
"text": "An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the tftp_input() function and could occur while processing a udp packet that is smaller than the size of the \u0027tftp_t\u0027 structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:libslirp0-4.3.1-150300.6.2.aarch64",
"SUSE Linux Enterprise Micro 5.1:libslirp0-4.3.1-150300.6.2.s390x",
"SUSE Linux Enterprise Micro 5.1:libslirp0-4.3.1-150300.6.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:libslirp0-4.3.1-150300.6.2.aarch64",
"SUSE Linux Enterprise Micro 5.2:libslirp0-4.3.1-150300.6.2.s390x",
"SUSE Linux Enterprise Micro 5.2:libslirp0-4.3.1-150300.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp-devel-4.3.1-150300.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp-devel-4.3.1-150300.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp-devel-4.3.1-150300.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp-devel-4.3.1-150300.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp0-4.3.1-150300.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp0-4.3.1-150300.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp0-4.3.1-150300.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp0-4.3.1-150300.6.2.x86_64",
"openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.6.2.aarch64",
"openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.6.2.ppc64le",
"openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.6.2.s390x",
"openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.6.2.x86_64",
"openSUSE Leap 15.3:libslirp0-4.3.1-150300.6.2.aarch64",
"openSUSE Leap 15.3:libslirp0-4.3.1-150300.6.2.ppc64le",
"openSUSE Leap 15.3:libslirp0-4.3.1-150300.6.2.s390x",
"openSUSE Leap 15.3:libslirp0-4.3.1-150300.6.2.x86_64",
"openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.6.2.aarch64",
"openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.6.2.ppc64le",
"openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.6.2.s390x",
"openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.6.2.x86_64",
"openSUSE Leap 15.4:libslirp0-4.3.1-150300.6.2.aarch64",
"openSUSE Leap 15.4:libslirp0-4.3.1-150300.6.2.ppc64le",
"openSUSE Leap 15.4:libslirp0-4.3.1-150300.6.2.s390x",
"openSUSE Leap 15.4:libslirp0-4.3.1-150300.6.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3595",
"url": "https://www.suse.com/security/cve/CVE-2021-3595"
},
{
"category": "external",
"summary": "SUSE Bug 1187366 for CVE-2021-3595",
"url": "https://bugzilla.suse.com/1187366"
},
{
"category": "external",
"summary": "SUSE Bug 1187376 for CVE-2021-3595",
"url": "https://bugzilla.suse.com/1187376"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:libslirp0-4.3.1-150300.6.2.aarch64",
"SUSE Linux Enterprise Micro 5.1:libslirp0-4.3.1-150300.6.2.s390x",
"SUSE Linux Enterprise Micro 5.1:libslirp0-4.3.1-150300.6.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:libslirp0-4.3.1-150300.6.2.aarch64",
"SUSE Linux Enterprise Micro 5.2:libslirp0-4.3.1-150300.6.2.s390x",
"SUSE Linux Enterprise Micro 5.2:libslirp0-4.3.1-150300.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp-devel-4.3.1-150300.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp-devel-4.3.1-150300.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp-devel-4.3.1-150300.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp-devel-4.3.1-150300.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp0-4.3.1-150300.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp0-4.3.1-150300.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp0-4.3.1-150300.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp0-4.3.1-150300.6.2.x86_64",
"openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.6.2.aarch64",
"openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.6.2.ppc64le",
"openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.6.2.s390x",
"openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.6.2.x86_64",
"openSUSE Leap 15.3:libslirp0-4.3.1-150300.6.2.aarch64",
"openSUSE Leap 15.3:libslirp0-4.3.1-150300.6.2.ppc64le",
"openSUSE Leap 15.3:libslirp0-4.3.1-150300.6.2.s390x",
"openSUSE Leap 15.3:libslirp0-4.3.1-150300.6.2.x86_64",
"openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.6.2.aarch64",
"openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.6.2.ppc64le",
"openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.6.2.s390x",
"openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.6.2.x86_64",
"openSUSE Leap 15.4:libslirp0-4.3.1-150300.6.2.aarch64",
"openSUSE Leap 15.4:libslirp0-4.3.1-150300.6.2.ppc64le",
"openSUSE Leap 15.4:libslirp0-4.3.1-150300.6.2.s390x",
"openSUSE Leap 15.4:libslirp0-4.3.1-150300.6.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:libslirp0-4.3.1-150300.6.2.aarch64",
"SUSE Linux Enterprise Micro 5.1:libslirp0-4.3.1-150300.6.2.s390x",
"SUSE Linux Enterprise Micro 5.1:libslirp0-4.3.1-150300.6.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:libslirp0-4.3.1-150300.6.2.aarch64",
"SUSE Linux Enterprise Micro 5.2:libslirp0-4.3.1-150300.6.2.s390x",
"SUSE Linux Enterprise Micro 5.2:libslirp0-4.3.1-150300.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp-devel-4.3.1-150300.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libslirp0-4.3.1-150300.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp-devel-4.3.1-150300.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp-devel-4.3.1-150300.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp-devel-4.3.1-150300.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp-devel-4.3.1-150300.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp0-4.3.1-150300.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp0-4.3.1-150300.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp0-4.3.1-150300.6.2.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libslirp0-4.3.1-150300.6.2.x86_64",
"openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.6.2.aarch64",
"openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.6.2.ppc64le",
"openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.6.2.s390x",
"openSUSE Leap 15.3:libslirp-devel-4.3.1-150300.6.2.x86_64",
"openSUSE Leap 15.3:libslirp0-4.3.1-150300.6.2.aarch64",
"openSUSE Leap 15.3:libslirp0-4.3.1-150300.6.2.ppc64le",
"openSUSE Leap 15.3:libslirp0-4.3.1-150300.6.2.s390x",
"openSUSE Leap 15.3:libslirp0-4.3.1-150300.6.2.x86_64",
"openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.6.2.aarch64",
"openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.6.2.ppc64le",
"openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.6.2.s390x",
"openSUSE Leap 15.4:libslirp-devel-4.3.1-150300.6.2.x86_64",
"openSUSE Leap 15.4:libslirp0-4.3.1-150300.6.2.aarch64",
"openSUSE Leap 15.4:libslirp0-4.3.1-150300.6.2.ppc64le",
"openSUSE Leap 15.4:libslirp0-4.3.1-150300.6.2.s390x",
"openSUSE Leap 15.4:libslirp0-4.3.1-150300.6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-05-18T14:56:39Z",
"details": "low"
}
],
"title": "CVE-2021-3595"
}
]
}
WID-SEC-W-2022-1219
Vulnerability from csaf_certbund - Published: 2021-06-23 22:00 - Updated: 2024-09-02 22:00Summary
QEMU: Mehrere Schwachstellen ermöglichen Offenlegung von Informationen
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: QEMU ist eine freie Virtualisierungssoftware, die die gesamte Hardware eines Computers emuliert.
Angriff: Ein lokaler Angreifer kann mehrere Schwachstellen in QEMU ausnutzen, um Informationen offenzulegen.
Betroffene Betriebssysteme: - Linux
- UNIX
- Windows
In QEMU existieren mehrere Schwachstellen, die auf Fehler bei der Initialisierung bei Zeigern zurückzuführen sind. Diese treten beim Aufrufen der Funktionen "bootp_input()", "udp6_input()", "tftp_input()", "udp_input()" auf. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um Informationen offenzulegen.
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source QEMU
Open Source
|
cpe:/a:qemu:qemu:-
|
— |
In QEMU existieren mehrere Schwachstellen, die auf Fehler bei der Initialisierung bei Zeigern zurückzuführen sind. Diese treten beim Aufrufen der Funktionen "bootp_input()", "udp6_input()", "tftp_input()", "udp_input()" auf. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um Informationen offenzulegen.
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source QEMU
Open Source
|
cpe:/a:qemu:qemu:-
|
— |
In QEMU existieren mehrere Schwachstellen, die auf Fehler bei der Initialisierung bei Zeigern zurückzuführen sind. Diese treten beim Aufrufen der Funktionen "bootp_input()", "udp6_input()", "tftp_input()", "udp_input()" auf. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um Informationen offenzulegen.
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source QEMU
Open Source
|
cpe:/a:qemu:qemu:-
|
— |
In QEMU existieren mehrere Schwachstellen, die auf Fehler bei der Initialisierung bei Zeigern zurückzuführen sind. Diese treten beim Aufrufen der Funktionen "bootp_input()", "udp6_input()", "tftp_input()", "udp_input()" auf. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um Informationen offenzulegen.
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source QEMU
Open Source
|
cpe:/a:qemu:qemu:-
|
— |
References
36 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "QEMU ist eine freie Virtualisierungssoftware, die die gesamte Hardware eines Computers emuliert.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein lokaler Angreifer kann mehrere Schwachstellen in QEMU ausnutzen, um Informationen offenzulegen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2022-1219 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2021/wid-sec-w-2022-1219.json"
},
{
"category": "self",
"summary": "WID-SEC-2022-1219 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1219"
},
{
"category": "external",
"summary": "Red Hat Bugzilla - Bug 1970484 vom 2021-06-23",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1970484"
},
{
"category": "external",
"summary": "Red Hat Bugzilla - Bug 1970487 vom 2021-06-23",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1970487"
},
{
"category": "external",
"summary": "Red Hat Bugzilla - Bug 1970489 vom 2021-06-23",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1970489"
},
{
"category": "external",
"summary": "Red Hat Bugzilla - Bug 1970491 vom 2021-06-23",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1970491"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-5010-1 vom 2021-07-15",
"url": "https://ubuntu.com/security/notices/USN-5010-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-5009-1 vom 2021-07-15",
"url": "https://ubuntu.com/security/notices/USN-5009-1"
},
{
"category": "external",
"summary": "Gentoo Linux Security Advisory GLSA-202107-44 vom 2021-07-20",
"url": "https://security.gentoo.org/glsa/202107-44"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2021:2428-1 vom 2021-07-21",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-July/009185.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2021:2448-1 vom 2021-07-22",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-July/009200.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2021:2461-1 vom 2021-07-23",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-July/009211.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2021:2474-1 vom 2021-07-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-July/009213.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2021:2546-1 vom 2021-07-28",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-July/009225.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2021:2563-1 vom 2021-07-29",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-July/009229.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2021:14772-1 vom 2021-08-03",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-August/009246.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2021:14774-1 vom 2021-08-06",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-August/009266.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-5009-2 vom 2021-10-26",
"url": "https://ubuntu.com/security/notices/USN-5009-2"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-2753 vom 2021-09-02",
"url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00000.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2021:2924-1 vom 2021-09-02",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-September/009390.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2021:2955-1 vom 2021-09-03",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-September/009406.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2021:2957-1 vom 2021-09-06",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-September/009414.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2021:3322-1 vom 2021-10-08",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-October/009548.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2021:4191 vom 2021-11-09",
"url": "https://access.redhat.com/errata/RHSA-2021:4191"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2021-9638 vom 2022-01-04",
"url": "http://linux.oracle.com/errata/ELSA-2021-9638.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:1730-1 vom 2022-05-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-May/011076.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-1762 vom 2022-05-17",
"url": "https://linux.oracle.com/errata/ELSA-2022-1762.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-9172 vom 2022-02-25",
"url": "https://linux.oracle.com/errata/ELSA-2022-9172.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-2970 vom 2022-04-04",
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00002.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:1314-1 vom 2022-04-22",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-April/010804.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:1465-1 vom 2022-04-29",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-April/010895.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:2941-1 vom 2022-08-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-August/012010.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-3362 vom 2023-03-14",
"url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00013.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2-2023-2169 vom 2023-07-26",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2023-2169.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-12604 vom 2024-09-02",
"url": "https://linux.oracle.com/errata/ELSA-2024-12604.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-12605 vom 2024-09-02",
"url": "https://linux.oracle.com/errata/ELSA-2024-12605.html"
}
],
"source_lang": "en-US",
"title": "QEMU: Mehrere Schwachstellen erm\u00f6glichen Offenlegung von Informationen",
"tracking": {
"current_release_date": "2024-09-02T22:00:00.000+00:00",
"generator": {
"date": "2024-09-03T08:15:42.086+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.6"
}
},
"id": "WID-SEC-W-2022-1219",
"initial_release_date": "2021-06-23T22:00:00.000+00:00",
"revision_history": [
{
"date": "2021-06-23T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2021-07-15T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2021-07-19T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Gentoo aufgenommen"
},
{
"date": "2021-07-21T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2021-07-22T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2021-07-25T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2021-07-27T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2021-07-28T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2021-07-29T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2021-08-03T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2021-08-08T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2021-09-02T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Debian und SUSE aufgenommen"
},
{
"date": "2021-09-05T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2021-09-06T22:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2021-10-07T22:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2021-10-26T22:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2021-11-09T23:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-01-04T23:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2022-02-24T23:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2022-04-04T22:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2022-04-24T22:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2022-05-01T22:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2022-05-17T22:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2022-05-18T22:00:00.000+00:00",
"number": "24",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2022-08-30T22:00:00.000+00:00",
"number": "25",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2023-03-14T23:00:00.000+00:00",
"number": "26",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2023-07-25T22:00:00.000+00:00",
"number": "27",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2024-09-02T22:00:00.000+00:00",
"number": "28",
"summary": "Neue Updates von Oracle Linux aufgenommen"
}
],
"status": "final",
"version": "28"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "Gentoo Linux",
"product": {
"name": "Gentoo Linux",
"product_id": "T012167",
"product_identification_helper": {
"cpe": "cpe:/o:gentoo:linux:-"
}
}
}
],
"category": "vendor",
"name": "Gentoo"
},
{
"branches": [
{
"category": "product_name",
"name": "Open Source QEMU",
"product": {
"name": "Open Source QEMU",
"product_id": "T016972",
"product_identification_helper": {
"cpe": "cpe:/a:qemu:qemu:-"
}
}
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-3592",
"notes": [
{
"category": "description",
"text": "In QEMU existieren mehrere Schwachstellen, die auf Fehler bei der Initialisierung bei Zeigern zur\u00fcckzuf\u00fchren sind. Diese treten beim Aufrufen der Funktionen \"bootp_input()\", \"udp6_input()\", \"tftp_input()\", \"udp_input()\" auf. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um Informationen offenzulegen."
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T012167",
"T004914",
"T016972"
]
},
"release_date": "2021-06-23T22:00:00.000+00:00",
"title": "CVE-2021-3592"
},
{
"cve": "CVE-2021-3593",
"notes": [
{
"category": "description",
"text": "In QEMU existieren mehrere Schwachstellen, die auf Fehler bei der Initialisierung bei Zeigern zur\u00fcckzuf\u00fchren sind. Diese treten beim Aufrufen der Funktionen \"bootp_input()\", \"udp6_input()\", \"tftp_input()\", \"udp_input()\" auf. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um Informationen offenzulegen."
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T012167",
"T004914",
"T016972"
]
},
"release_date": "2021-06-23T22:00:00.000+00:00",
"title": "CVE-2021-3593"
},
{
"cve": "CVE-2021-3594",
"notes": [
{
"category": "description",
"text": "In QEMU existieren mehrere Schwachstellen, die auf Fehler bei der Initialisierung bei Zeigern zur\u00fcckzuf\u00fchren sind. Diese treten beim Aufrufen der Funktionen \"bootp_input()\", \"udp6_input()\", \"tftp_input()\", \"udp_input()\" auf. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um Informationen offenzulegen."
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T012167",
"T004914",
"T016972"
]
},
"release_date": "2021-06-23T22:00:00.000+00:00",
"title": "CVE-2021-3594"
},
{
"cve": "CVE-2021-3595",
"notes": [
{
"category": "description",
"text": "In QEMU existieren mehrere Schwachstellen, die auf Fehler bei der Initialisierung bei Zeigern zur\u00fcckzuf\u00fchren sind. Diese treten beim Aufrufen der Funktionen \"bootp_input()\", \"udp6_input()\", \"tftp_input()\", \"udp_input()\" auf. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um Informationen offenzulegen."
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T012167",
"T004914",
"T016972"
]
},
"release_date": "2021-06-23T22:00:00.000+00:00",
"title": "CVE-2021-3595"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…