Bugzilla – Bug 1114529
VUL-0: CVE-2018-16847: qemu: nvme: Out-of-bounds r/w buffer access in cmb operations
Last modified: 2021-05-27 12:46:50 UTC
rh#1644052 An OOB heap buffer r/w access issue was found in the NVM Express Controller emulation in QEMU. It could occur in nvme_cmb_ops routines in nvme devices. A guest user/process could use this flaw to crash the QEMU process resulting in DoS or potentially run arbitrary code with privileges of the QEMU process.

Upstream patch:
---------------
-> https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg00200.html

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1644052
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16847
http://seclists.org/oss-sec/2018/q4/124
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16847
https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg00200.html
Hi,
my investigation suggests that the following codestreams are affected:
- SUSE:SLE-15:Update/qemu
- SUSE:SLE-12-SP4:Update/qemu

Older codestreams seem to be missing the affected code.
(In reply to Robert Frohl from comment #1)
> Hi,
> my investigation suggests that the following codestreams are affected:
> - SUSE:SLE-15:Update/qemu
> - SUSE:SLE-12-SP4:Update/qemu
>
> Older codestreams seem to be missing the affected code.

Looks correct to me.
On the qemu-devel mailing list, the discussion seems to have concluded that there is actually no vulnerability here. I'll continue to watch for developments here, including whether the CVE gets withdrawn.
Another update. I guess there still does need to be a security related fix here, just not the first one proposed. Here is the currently proposed patch:

https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg03181.html

For our backporting purposes the testsuite addition is not very relevant, so it ends up being a quite simple change. Is it too late to resubmit the SLE12SP4 and SLE15 maintenance request with this one change?
no, please resubmit.
(In reply to Marcus Meissner from comment #6)
> no, please resubmit.

Resubmitted as follows:

For SLE-12-SP4: MR 178498
For SLE-15 qemu: MR 178500
SUSE-SU-2018:3927-1: An update that solves 7 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1106222,1107489,1110910,1111006,1111010,1111013,1112499,1114422,1114529
CVE References: CVE-2018-10839,CVE-2018-15746,CVE-2018-16847,CVE-2018-17958,CVE-2018-17962,CVE-2018-17963,CVE-2018-18849
Sources used:
SUSE Linux Enterprise Module for Server Applications 15 (src): qemu-2.11.2-9.12.2
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src): qemu-2.11.2-9.12.2, qemu-linux-user-2.11.2-9.12.1
SUSE Linux Enterprise Module for Basesystem 15 (src): qemu-2.11.2-9.12.2
openSUSE-SU-2018:4004-1: An update that solves 7 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1106222,1107489,1110910,1111006,1111010,1111013,1112499,1114422,1114529
CVE References: CVE-2018-10839,CVE-2018-15746,CVE-2018-16847,CVE-2018-17958,CVE-2018-17962,CVE-2018-17963,CVE-2018-18849
Sources used:
openSUSE Leap 15.0 (src): qemu-2.11.2-lp150.7.12.1, qemu-linux-user-2.11.2-lp150.7.12.1, qemu-testsuite-2.11.2-lp150.7.12.1
SUSE-SU-2018:4086-1: An update that solves one vulnerability and has one errata is now available.

Category: security (important)
Bug References: 1108474,1114529
CVE References: CVE-2018-16847
Sources used:
SUSE Linux Enterprise Module for Server Applications 15 (src): qemu-2.11.2-9.17.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src): qemu-2.11.2-9.17.1, qemu-linux-user-2.11.2-9.17.1
SUSE Linux Enterprise Module for Basesystem 15 (src): qemu-2.11.2-9.17.1
openSUSE-SU-2018:4135-1: An update that solves one vulnerability and has one errata is now available.

Category: security (important)
Bug References: 1108474,1114529
CVE References: CVE-2018-16847
Sources used:
openSUSE Leap 15.0 (src): qemu-2.11.2-lp150.7.15.1, qemu-linux-user-2.11.2-lp150.7.15.1, qemu-testsuite-2.11.2-lp150.7.15.1
SUSE-SU-2018:4185-1: An update that solves 7 vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1106222,1108474,1110910,1111006,1111010,1111013,1114422,1114529
CVE References: CVE-2018-10839,CVE-2018-15746,CVE-2018-16847,CVE-2018-17958,CVE-2018-17962,CVE-2018-17963,CVE-2018-18849
Sources used:
SUSE Linux Enterprise Server 12-SP4 (src): qemu-2.11.2-5.5.1
SUSE Linux Enterprise Desktop 12-SP4 (src): qemu-2.11.2-5.5.1
Fix is included in qemu v3.1.0, which is already in Factory, and to be used for SLE15-SP1, so all affected code streams are fixed. Marking so.