CVE-2020-1983

7.5 HIGH

📋 TL;DR

CVE-2020-1983 is a use-after-free vulnerability in libslirp's IP packet reassembly function that allows specially crafted network packets to cause denial of service. This affects systems using libslirp 4.2.0 and earlier for network virtualization, including QEMU/KVM virtual machines and container environments.

💻 Affected Systems

Products:
  • libslirp
  • QEMU
  • KVM
  • VirtualBox
  • containers using slirp networking
Versions: libslirp 4.2.0 and earlier
Operating Systems: Linux, BSD, macOS, Windows (when using affected virtualization software)
Default Config Vulnerable: ⚠️ Yes
Notes: Systems using libslirp for user-mode networking in virtualization or container environments are vulnerable when processing IP packet reassembly.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system crash or instability of the host system running vulnerable libslirp, potentially affecting multiple virtual machines or containers.

🟠 Likely Case

Denial of service affecting network connectivity for virtual machines or containers using libslirp networking.

🟢 If Mitigated

Limited impact to isolated virtual machines or containers if proper network segmentation is in place.

🌐 Internet-Facing: MEDIUM - Exploitation requires sending crafted packets to vulnerable systems, which could be internet-facing virtualization hosts.
🏢 Internal Only: MEDIUM - Internal attackers could exploit this to disrupt virtualization infrastructure.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires sending specially crafted IP packets to trigger the use-after-free condition during packet reassembly.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: libslirp 4.3.0 and later

Vendor Advisory: https://gitlab.freedesktop.org/slirp/libslirp/-/issues/20

Restart Required: Yes

Instructions:

1. Update libslirp to version 4.3.0 or later.
2. Update virtualization software (QEMU, VirtualBox, etc.) to versions incorporating the fixed libslirp.
3. Restart affected virtual machines and services.

🔧 Temporary Workarounds

Disable IP packet reassembly

linux

Configure systems to drop fragmented IP packets before they reach libslirp

iptables -A INPUT -f -j DROP
iptables -A FORWARD -f -j DROP

Use alternative networking

all

Configure virtualization to use bridged or NAT networking instead of slirp user-mode networking

🧯 If You Can't Patch

  • Isolate vulnerable systems in separate network segments with strict firewall rules
  • Implement network monitoring to detect and block malformed IP packets

🔍 How to Verify

Check if Vulnerable:

Check libslirp version: dpkg -l | grep libslirp or rpm -qa | grep libslirp

Check Version:

pkg-config --modversion slirp

Verify Fix Applied:

Verify libslirp version is 4.3.0 or later and check virtualization software version
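
The version comparison described above, as an added example (not code from this advisory or from the libslirp project). The 4.3.0 threshold and the pkg-config command come from this page; the function names are hypothetical, and anything that is not a plain dotted version is reported as unknown rather than guessed.

```shell
# Added example, not part of the advisory; function names are hypothetical.
# FIXED_VERSION is the fixed release named on this page.
FIXED_VERSION="4.3.0"

# Reduce a package version to its upstream part: drop a Debian-style epoch
# ("1:") and any "-revision" or "+build" suffix.
upstream_version() {
    v=${1#*:}
    printf '%s\n' "$v" | sed 's/[-+].*$//'
}

# version_ge A B: 0 if A >= B, 1 if A < B, 2 if either is not purely numeric.
# Components are compared as integers, so 4.10.0 sorts above 4.3.0.
version_ge() {
    a=$(upstream_version "$1")
    b=$(upstream_version "$2")
    for s in "$a" "$b"; do
        case $s in ''|*[!0-9.]*) return 2 ;; esac
    done
    a="$a.0.0"; b="$b.0.0"   # pad so short versions such as "4.3" have three fields
    i=1
    while [ "$i" -le 3 ]; do
        x=$(printf '%s' "$a" | cut -d. -f"$i"); x=${x:-0}
        y=$(printf '%s' "$b" | cut -d. -f"$i"); y=${y:-0}
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
        i=$((i + 1))
    done
    return 0
}

# Print "fixed", "vulnerable" or "unknown" for one version string.
slirp_status() {
    rc=0; version_ge "$1" "$FIXED_VERSION" || rc=$?
    case $rc in
        0) echo fixed ;;
        1) echo vulnerable ;;
        *) echo unknown ;;
    esac
}

# Query the installed development package with the command from this page.
check_installed() {
    if ! v=$(pkg-config --modversion slirp 2>/dev/null); then
        echo "unknown: pkg-config cannot find slirp"; return 2
    fi
    echo "libslirp $v: $(slirp_status "$v")"
}
if [ "${1:-}" = "--check" ]; then check_installed; fi
```

The result reflects the upstream version number only: a distribution package may carry a backported fix under an older version, and pkg-config does not see a copy of slirp built into the virtualization software itself.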

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • Virtual machine crash logs
  • libslirp segmentation fault errors

Network Indicators:

  • Unusual fragmented IP packets to virtualization hosts
  • Network connectivity loss in virtual machines

SIEM Query:

source="*kernel*" AND ("panic" OR "segfault") AND ("libslirp" OR "ip_reass")
