Bugzilla – Bug 1114540
VUL-0: CVE-2018-16847: xen: qemu: nvme: Out-of-bounds r/w buffer access in cmb operations
Last modified: 2018-11-20 07:47:37 UTC
+++ This bug was initially created as a clone of Bug #1114529 +++
An OOB heap buffer r/w access issue was found in the NVM Express Controller emulation in QEMU. It could occur in nvme_cmb_ops routines in nvme devices. A guest user/process could use this flaw to crash the QEMU process resulting in DoS or potentially run arbitrary code with privileges of the QEMU process.
Support for Controller Memory Buffers (CMB) in the NVM Express Controller
driver for upstream Xen qemu was added in May of 2017.
See commit a896f7f26a1a0417322463439825073c1a917e41
This means that no shipping version of the upstream Xen qemu has the code
being patched by this fix. The upstream Xen qemu was dropped in SLE12-SP2.
SLE12-SP1 upstream Xen qemu pre-dates the existence of CMB in the driver.
So nothing on the Xen side to be patched. We can close this bug.
thx for checking!