An OOB heap buffer r/w access issue was found in the NVM Express Controller emulation in QEMU. It could occur in nvme_cmb_ops routines in nvme devices. A guest user/process could use this flaw to crash the QEMU process resulting in DoS or potentially run arbitrary code with privileges of the QEMU process. Upstream patch: --------------- -> https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg00200.html
Acknowledgments: Name: Li Qiang
External References: https://www.openwall.com/lists/oss-security/2018/11/02/1
Created qemu tracking bugs for this issue: Affects: fedora-all [bug 1645442]