CVE-2018-16847

An OOB heap buffer r/w access issue was found in the NVM Express Controller emulation in QEMU. It could occur in nvme_cmb_ops routines in nvme device. A guest user/process could use this flaw to crash the QEMU process resulting in DoS or potentially run arbitrary code with privileges of the QEMU process.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
redhatCNA
7 HIGH
LOCAL
HIGH
LOW
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 30%
VendorProductVersion
qemuqemu
𝑥
≤ 3.0.0
qemuqemu
3.1.0:rc0
qemuqemu
3.1.0:rc1
canonicalubuntu_linux
14.04
canonicalubuntu_linux
16.04
canonicalubuntu_linux
18.04
canonicalubuntu_linux
18.10
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
qemu
bullseye
1:5.2+dfsg-11+deb11u3
fixed
stretch
not-affected
jessie
not-affected
bullseye (security)
1:5.2+dfsg-11+deb11u2
fixed
bookworm
1:7.2+dfsg-7+deb12u7
fixed
sid
1:9.1.1+ds-2
fixed
trixie
1:9.1.1+ds-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
qemu
cosmic
Fixed 1:2.12+dfsg-3ubuntu8.1
released
bionic
Fixed 1:2.11+dfsg-1ubuntu7.8
released
xenial
not-affected
trusty
not-affected
qemu-kvm
cosmic
dne
bionic
dne
xenial
dne
trusty
dne
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/105866
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16847
https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg00200.html
https://usn.ubuntu.com/3826-1/
https://www.openwall.com/lists/oss-security/2018/11/02/1
http://www.securityfocus.com/bid/105866
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16847
https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg00200.html
https://usn.ubuntu.com/3826-1/
https://www.openwall.com/lists/oss-security/2018/11/02/1