PT-2018-13770 · Qemu+3 · Qemu+3

Li Qiang

·

Published

2018-11-02

·

Updated

2020-05-14

·

CVE-2018-16847

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions QEMU (affected versions not specified)
Description A heap buffer out-of-bounds read/write access issue was discovered in the NVM Express Controller emulation of QEMU, specifically in the nvme cmb ops routines of the nvme device. This issue could allow a guest user or process to crash the QEMU process, resulting in a denial of service (DoS), or potentially execute arbitrary code with the privileges of the QEMU process.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Out of bounds Read

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-125CWE-787

Related Identifiers

ALT-PU-2018-2870
CVE-2018-16847
OPENSUSE-SU-2018_4004-1
OPENSUSE-SU-2018_4135-1
SUSE-SU-2018:3927-1
SUSE-SU-2018:4086-1
SUSE-SU-2018:4185-1
SUSE-SU-2018_4086-1
USN-3826-1

Affected Products

Alt Linux
Qemu
Suse
Ubuntu