Bug 1644052 (CVE-2018-16847) - CVE-2018-16847 QEMU: nvme: Out-of-bounds r/w buffer access in cmb operations
Summary: CVE-2018-16847 QEMU: nvme: Out-of-bounds r/w buffer access in cmb operations
Status: NEW
Alias: CVE-2018-16847
Product: Security Response
Classification: Other
Component: vulnerability   
(Show other bugs)
Version: unspecified
Hardware: All Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=important,public=20181101,repo...
Keywords: Security
Depends On: 1645438 1645439 1645440 1645441 1645442 1645443 1645444 1645445 1645446 1645447 1645448 1645449
Blocks: 1644053
TreeView+ depends on / blocked
 
Reported: 2018-10-29 21:18 UTC by Pedro Sampaio
Modified: 2018-11-19 09:07 UTC (History)
34 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
An out-of-bounds heap buffer r/w access issue was found in the NVM Express Controller emulation in QEMU. It could occur in nvme_cmb_ops routines in a nvme device. A guest user/process could use this flaw to crash the QEMU process resulting in denial of service or, potentially, run arbitrary code with privileges of the QEMU process.
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Pedro Sampaio 2018-10-29 21:18:39 UTC
An OOB heap buffer r/w access issue was found in the NVM Express Controller emulation in QEMU.  It could occur in nvme_cmb_ops routines in nvme devices. A guest user/process could use this flaw to crash the QEMU process resulting in DoS or potentially run arbitrary code with privileges of the QEMU process.

Upstream patch:
---------------
  -> https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg00200.html

Comment 2 Prasad J Pandit 2018-11-01 11:40:53 UTC
Acknowledgments:

Name: Li Qiang

Comment 3 Prasad J Pandit 2018-11-02 08:59:10 UTC
External References:

https://www.openwall.com/lists/oss-security/2018/11/02/1

Comment 4 Prasad J Pandit 2018-11-02 09:03:21 UTC
Created qemu tracking bugs for this issue:

Affects: fedora-all [bug 1645442]


Note You need to log in before you can comment on or make changes to this bug.