897654 – (CVE-2014-3640) VUL-0: CVE-2014-3640: kvm,qemu: slirp: NULL pointer deref in sosendto()

Bug 897654 (CVE-2014-3640) - VUL-0: CVE-2014-3640: kvm,qemu: slirp: NULL pointer deref in sosendto()

Summary: VUL-0: CVE-2014-3640: kvm,qemu: slirp: NULL pointer deref in sosendto()

Status:	RESOLVED FIXED

Alias:	CVE-2014-3640

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assignee:	Bruce Rogers
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/106476/
Whiteboard:	maint:released:sle11-sp3:60370 CVSSv2...
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2014-09-22 05:23 UTC by Marcus Meissner
Modified:	2017-08-03 15:45 UTC (History)
CC List:	4 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Marcus Meissner 2014-09-22 05:23:21 UTC

via rh bugzilla

When guest sends udp packet with source port and source addr 0,
uninitialized socket is picked up when looking for matching and already
created udp sockets, and later passed to sosendto() where NULL pointer
dereference is hit during so->slirp->vnetwork_mask.s_addr access.

Only guests using qemu user networking are affected.

Patch:
https://lists.nongnu.org/archive/html/qemu-devel/2014-09/msg03543.html

https://bugzilla.redhat.com/show_bug.cgi?id=1144818

Comment 1 Swamp Workflow Management 2014-10-01 12:06:00 UTC

bugbot adjusting priority

Comment 2 Swamp Workflow Management 2015-02-23 23:07:13 UTC

SUSE-SU-2015:0357-1: An update that solves 6 vulnerabilities and has 9 fixes is now available.

Category: security (moderate)
Bug References: 843074,852397,878350,879665,897654,897783,899144,899484,900084,904176,905097,907805,908381,910145,911742
CVE References: CVE-2014-3633,CVE-2014-3640,CVE-2014-3657,CVE-2014-7823,CVE-2014-7840,CVE-2014-8106
Sources used:
SUSE Linux Enterprise Software Development Kit 11 SP3 (src):    libvirt-1.0.5.9-0.19.3, libvirt-1.0.5.9-0.19.6
SUSE Linux Enterprise Server 11 SP3 (src):    kvm-1.4.2-0.21.4, kvm-1.4.2-0.21.5, libvirt-1.0.5.9-0.19.3, libvirt-1.0.5.9-0.19.5, libvirt-1.0.5.9-0.19.6
SUSE Linux Enterprise Desktop 11 SP3 (src):    kvm-1.4.2-0.21.4, libvirt-1.0.5.9-0.19.3

Comment 6 Swamp Workflow Management 2016-03-24 12:09:41 UTC

SUSE-SU-2016:0873-1: An update that solves 43 vulnerabilities and has 5 fixes is now available.

Category: security (important)
Bug References: 864391,864655,864769,864805,864811,877642,897654,901508,902737,924018,928393,945404,945989,954872,956829,957162,957698,957988,958007,958009,958491,958523,958917,959005,959332,959387,959695,960334,960707,960725,960835,960861,960862,961332,961358,961691,962320,963782,963923,964413,965315,965317,967012,967013,967969,969121,969122,969350
CVE References: CVE-2013-4533,CVE-2013-4534,CVE-2013-4537,CVE-2013-4538,CVE-2013-4539,CVE-2014-0222,CVE-2014-3640,CVE-2014-3689,CVE-2014-7815,CVE-2014-9718,CVE-2015-1779,CVE-2015-5278,CVE-2015-6855,CVE-2015-7512,CVE-2015-7549,CVE-2015-8345,CVE-2015-8504,CVE-2015-8550,CVE-2015-8554,CVE-2015-8555,CVE-2015-8558,CVE-2015-8567,CVE-2015-8568,CVE-2015-8613,CVE-2015-8619,CVE-2015-8743,CVE-2015-8744,CVE-2015-8745,CVE-2015-8817,CVE-2015-8818,CVE-2016-1568,CVE-2016-1570,CVE-2016-1571,CVE-2016-1714,CVE-2016-1922,CVE-2016-1981,CVE-2016-2198,CVE-2016-2270,CVE-2016-2271,CVE-2016-2391,CVE-2016-2392,CVE-2016-2538,CVE-2016-2841
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    xen-4.5.2_06-7.1
SUSE Linux Enterprise Server 12-SP1 (src):    xen-4.5.2_06-7.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    xen-4.5.2_06-7.1

Comment 7 Swamp Workflow Management 2016-04-05 15:09:36 UTC

SUSE-SU-2016:0955-1: An update that solves 46 vulnerabilities and has 5 fixes is now available.

Category: security (important)
Bug References: 864391,864655,864673,864678,864682,864769,864805,864811,877642,897654,901508,902737,924018,928393,945404,945989,954872,956829,957162,957988,958007,958009,958491,958523,958917,959005,959387,959695,959928,960334,960707,960725,960835,960861,960862,961332,961358,961691,962320,963782,963923,964413,965315,965317,967012,967013,967630,967969,969121,969122,969350
CVE References: CVE-2013-4527,CVE-2013-4529,CVE-2013-4530,CVE-2013-4533,CVE-2013-4534,CVE-2013-4537,CVE-2013-4538,CVE-2013-4539,CVE-2014-0222,CVE-2014-3640,CVE-2014-3689,CVE-2014-7815,CVE-2014-9718,CVE-2015-1779,CVE-2015-5278,CVE-2015-6855,CVE-2015-7512,CVE-2015-7549,CVE-2015-8345,CVE-2015-8504,CVE-2015-8550,CVE-2015-8554,CVE-2015-8555,CVE-2015-8558,CVE-2015-8567,CVE-2015-8568,CVE-2015-8613,CVE-2015-8619,CVE-2015-8743,CVE-2015-8744,CVE-2015-8745,CVE-2015-8817,CVE-2015-8818,CVE-2016-1568,CVE-2016-1570,CVE-2016-1571,CVE-2016-1714,CVE-2016-1922,CVE-2016-1981,CVE-2016-2198,CVE-2016-2270,CVE-2016-2271,CVE-2016-2391,CVE-2016-2392,CVE-2016-2538,CVE-2016-2841
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    xen-4.4.4_02-32.1
SUSE Linux Enterprise Server 11-SP4 (src):    xen-4.4.4_02-32.1
SUSE Linux Enterprise Desktop 11-SP4 (src):    xen-4.4.4_02-32.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    xen-4.4.4_02-32.1

Comment 8 Swamp Workflow Management 2016-04-26 14:09:28 UTC

SUSE-SU-2016:1154-1: An update that solves 26 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 864391,864655,864769,864805,864811,877642,897654,901508,902737,945989,957162,957988,958007,958009,958491,958523,959005,960707,960725,960861,960862,961691,963782,965315,965317,967013,967630,969350
CVE References: CVE-2013-4533,CVE-2013-4534,CVE-2013-4537,CVE-2013-4538,CVE-2013-4539,CVE-2014-0222,CVE-2014-3640,CVE-2014-3689,CVE-2014-7815,CVE-2015-5278,CVE-2015-7512,CVE-2015-8504,CVE-2015-8550,CVE-2015-8554,CVE-2015-8555,CVE-2015-8558,CVE-2015-8743,CVE-2015-8745,CVE-2016-1570,CVE-2016-1571,CVE-2016-1714,CVE-2016-1981,CVE-2016-2270,CVE-2016-2271,CVE-2016-2391,CVE-2016-2841
Sources used:
SUSE Linux Enterprise Server 11-SP2-LTSS (src):    xen-4.1.6_08-26.1

Comment 9 Swamp Workflow Management 2016-07-06 09:11:19 UTC

SUSE-SU-2016:1745-1: An update that solves 35 vulnerabilities and has 5 fixes is now available.

Category: security (important)
Bug References: 864391,864655,864673,864678,864682,864769,864805,864811,877642,897654,901508,902737,928393,945404,945989,954872,956829,957162,957988,958007,958009,958491,958523,959005,959695,959928,960707,960725,960861,960862,961332,961691,963782,965315,965317,967012,967013,967630,967969,969350
CVE References: CVE-2013-4527,CVE-2013-4529,CVE-2013-4530,CVE-2013-4533,CVE-2013-4534,CVE-2013-4537,CVE-2013-4538,CVE-2013-4539,CVE-2014-0222,CVE-2014-3640,CVE-2014-3689,CVE-2014-7815,CVE-2014-9718,CVE-2015-5278,CVE-2015-6855,CVE-2015-7512,CVE-2015-8345,CVE-2015-8504,CVE-2015-8550,CVE-2015-8554,CVE-2015-8555,CVE-2015-8558,CVE-2015-8743,CVE-2015-8745,CVE-2016-1568,CVE-2016-1570,CVE-2016-1571,CVE-2016-1714,CVE-2016-1981,CVE-2016-2270,CVE-2016-2271,CVE-2016-2391,CVE-2016-2392,CVE-2016-2538,CVE-2016-2841
Sources used:
SUSE Linux Enterprise Server 11-SP3-LTSS (src):    xen-4.2.5_20-24.9
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    xen-4.2.5_20-24.9

Comment 11 Johannes Segitz 2017-08-03 15:45:29 UTC

Also fixed in openSUSE, please reopen if you still need it