{
  "threat_severity" : "Moderate",
  "public_date" : "2019-08-25T00:00:00Z",
  "bugzilla" : {
    "description" : "QEMU: Slirp: use-after-free during packet reassembly",
    "id" : "1749716",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1749716"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.6",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-416",
  "details" : [ "libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c.", "A use-after-free issue was found in the SLiRP networking implementation of the QEMU emulator. The issue occurs in the ip_reass() routine while reassembling incoming packets, if the first fragment is bigger than the m->m_dat[] buffer. A user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service." ],
  "statement" : "Red Hat OpenStack Platform:\n* This flaw impacts KVM user-mode or SLIRP networking, which is not used in Red Hat OpenStack Platform. Although updating is recommended for affected versions (see below), Red Hat OpenStack Platform environments are not vulnerable.",
  "affected_release" : [ {
    "product_name" : "Advanced Virtualization for RHEL 8.2.1",
    "release_date" : "2020-07-28T00:00:00Z",
    "advisory" : "RHBA-2020:3172",
    "cpe" : "cpe:/a:redhat:advanced_virtualization:8.2::el8",
    "package" : "virt:8.2-8020120200707202843.11e3e113"
  }, {
    "product_name" : "Advanced Virtualization for RHEL 8.2.1",
    "release_date" : "2020-07-28T00:00:00Z",
    "advisory" : "RHBA-2020:3172",
    "cpe" : "cpe:/a:redhat:advanced_virtualization:8.2::el8",
    "package" : "virt-devel:8.2-8020120200707202843.11e3e113"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2020-03-10T00:00:00Z",
    "advisory" : "RHSA-2020:0775",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "qemu-kvm-2:0.12.1.2-2.506.el6_10.6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7 Extras",
    "release_date" : "2020-03-17T00:00:00Z",
    "advisory" : "RHSA-2020:0889",
    "cpe" : "cpe:/a:redhat:rhel_extras_other:7",
    "package" : "slirp4netns-0:0.3.0-8.el7_7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2020-02-04T00:00:00Z",
    "advisory" : "RHSA-2020:0348",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "container-tools:rhel8-8010120200116121758.53d07e52"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2020-11-04T00:00:00Z",
    "advisory" : "RHSA-2020:4676",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "virt-devel:rhel-8030020200909014558.30b713e6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2020-11-04T00:00:00Z",
    "advisory" : "RHSA-2020:4676",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "virt:rhel-8030020200909014558.30b713e6"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Out of support scope",
    "package_name" : "kvm",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "xen",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Will not fix",
    "package_name" : "qemu-kvm",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Will not fix",
    "package_name" : "qemu-kvm-ma",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Will not fix",
    "package_name" : "qemu-kvm-rhev",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Out of support scope",
    "package_name" : "container-tools:1.0/slirp4netns",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8 Advanced Virtualization",
    "fix_state" : "Affected",
    "package_name" : "qemu-kvm",
    "cpe" : "cpe:/a:redhat:advanced_virtualization:8::el8"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4",
    "fix_state" : "Not affected",
    "package_name" : "slirp4netns",
    "cpe" : "cpe:/a:redhat:openshift:4"
  }, {
    "product_name" : "Red Hat OpenStack Platform 10 (Newton)",
    "fix_state" : "Fix deferred",
    "package_name" : "qemu-kvm-rhev",
    "cpe" : "cpe:/a:redhat:openstack:10",
    "impact" : "low"
  }, {
    "product_name" : "Red Hat OpenStack Platform 13 (Queens)",
    "fix_state" : "Fix deferred",
    "package_name" : "qemu-kvm-rhev",
    "cpe" : "cpe:/a:redhat:openstack:13",
    "impact" : "low"
  }, {
    "product_name" : "Red Hat OpenStack Platform 14 (Rocky)",
    "fix_state" : "Out of support scope",
    "package_name" : "qemu-kvm-rhev",
    "cpe" : "cpe:/a:redhat:openstack:14",
    "impact" : "low"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2019-15890\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-15890" ],
  "name" : "CVE-2019-15890",
  "csaw" : false
}