Your submission was sent successfully! Close

CVE-2018-16847

Published: 2 November 2018

An OOB heap buffer r/w access issue was found in the NVM Express Controller emulation in QEMU. It could occur in nvme_cmb_ops routines in nvme device. A guest user/process could use this flaw to crash the QEMU process resulting in DoS or potentially run arbitrary code with privileges of the QEMU process.

Priority

Medium

CVSS 3 base score: 7.8

Status

Package Release Status
qemu
Launchpad, Ubuntu, Debian
bionic
Released (1:2.11+dfsg-1ubuntu7.8)
cosmic
Released (1:2.12+dfsg-3ubuntu8.1)
precise Does not exist

trusty Not vulnerable
(code not present)
upstream Needs triage

xenial Not vulnerable
(code not present)
qemu-kvm
Launchpad, Ubuntu, Debian
bionic Does not exist

cosmic Does not exist

precise Not vulnerable
(code not present)
trusty Does not exist

upstream Not vulnerable
(debian: support for Controller Memory Buffers added later)
xenial Does not exist