CVE-2023-40360

QEMU through 8.0.4 accesses a NULL pointer in nvme_directive_receive in hw/nvme/ctrl.c because there is no check for whether an endurance group is configured before checking whether Flexible Data Placement is enabled.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.5 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 6%
VendorProductVersion
qemuqemu
8.0.0 ≤
𝑥
≤ 8.0.4
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
qemu
bullseye
1:5.2+dfsg-11+deb11u3
not-affected
bookworm
1:7.2+dfsg-7+deb12u7
not-affected
buster
not-affected
bullseye (security)
1:5.2+dfsg-11+deb11u2
fixed
trixie
1:9.2.0+ds-2
fixed
sid
1:9.2.0+ds-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
qemu
oracular
Fixed 1:8.1.3+ds-1ubuntu1
released
noble
Fixed 1:8.1.3+ds-1ubuntu1
released
mantic
Fixed 1:8.0.4+dfsg-1ubuntu3.23.10.2
released
lunar
not-affected
jammy
not-affected
focal
not-affected
bionic
not-affected
xenial
not-affected
trusty
not-affected
Common Weakness Enumeration
References
https://gitlab.com/birkelund/qemu/-/commit/6c8f8456cb0b239812dee5211881426496da7b98
https://gitlab.com/qemu-project/qemu/-/issues/1815
https://security.netapp.com/advisory/ntap-20230915-0004/
https://www.qemu.org/docs/master/system/security.html
https://gitlab.com/birkelund/qemu/-/commit/6c8f8456cb0b239812dee5211881426496da7b98
https://gitlab.com/qemu-project/qemu/-/issues/1815
https://security.netapp.com/advisory/ntap-20230915-0004/
https://www.qemu.org/docs/master/system/security.html