CVE-2018-16847

EUVD-2018-8643
An OOB heap buffer r/w access issue was found in the NVM Express Controller emulation in QEMU. It could occur in nvme_cmb_ops routines in nvme device. A guest user/process could use this flaw to crash the QEMU process resulting in DoS or potentially run arbitrary code with privileges of the QEMU process.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
redhatCNA
7 HIGH
LOCAL
HIGH
LOW
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 25%
Affected Products (NVD)
VendorProductVersion
qemuqemu
𝑥
≤ 3.0.0
qemuqemu
3.1.0:rc0
qemuqemu
3.1.0:rc1
canonicalubuntu_linux
14.04
canonicalubuntu_linux
16.04
canonicalubuntu_linux
18.04
canonicalubuntu_linux
18.10
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
qemu
bookworm
1:7.2+dfsg-7+deb12u7
fixed
bullseye
1:5.2+dfsg-11+deb11u3
fixed
bullseye (security)
1:5.2+dfsg-11+deb11u2
fixed
jessie
not-affected
sid
1:9.1.1+ds-2
fixed
stretch
not-affected
trixie
1:9.1.1+ds-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
qemu
bionic
Fixed 1:2.11+dfsg-1ubuntu7.8
released
cosmic
Fixed 1:2.12+dfsg-3ubuntu8.1
released
trusty
not-affected
xenial
not-affected
qemu-kvm
bionic
dne
cosmic
dne
trusty
dne
xenial
dne
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/105866
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16847
https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg00200.html
https://usn.ubuntu.com/3826-1/
https://www.openwall.com/lists/oss-security/2018/11/02/1
http://www.securityfocus.com/bid/105866
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16847
https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg00200.html
https://usn.ubuntu.com/3826-1/
https://www.openwall.com/lists/oss-security/2018/11/02/1