CVE-2018-16847

Published: 02 November 2018

An out-of-bounds (OOB) heap buffer read/write access issue was found in the NVM Express Controller emulation in QEMU. It could occur in the nvme_cmb_ops routines of the nvme device. A guest user or process could use this flaw to crash the QEMU process, resulting in denial of service (DoS), or potentially run arbitrary code with the privileges of the QEMU process.

Priority

Medium

CVSS 3 base score: 7.8

Status

Package: qemu

Upstream: Needs triage
Ubuntu 18.04 LTS (Bionic Beaver): Released (1:2.11+dfsg-1ubuntu7.8)
Ubuntu 16.04 LTS (Xenial Xerus): Not vulnerable (code not present)
Ubuntu 14.04 ESM (Trusty Tahr): Not vulnerable (code not present)

Patches:
Other: https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg00200.html
Upstream: https://git.qemu.org/?p=qemu.git;a=commit;h=5e3c0220d7e4f0361c4d36c697a8842f2b583402

Package: qemu-kvm

Upstream: Not vulnerable (debian: support for Controller Memory Buffers added later)
Ubuntu 18.04 LTS (Bionic Beaver): Does not exist
Ubuntu 16.04 LTS (Xenial Xerus): Does not exist
Ubuntu 14.04 ESM (Trusty Tahr): Does not exist