Bugzilla – Bug 1114540
VUL-0: CVE-2018-16847: xen: qemu: nvme: Out-of-bounds r/w buffer access in cmb operations
Last modified: 2018-11-20 07:47:37 UTC
+++ This bug was initially created as a clone of Bug #1114529 +++ rh#1644052 An OOB heap buffer r/w access issue was found in the NVM Express Controller emulation in QEMU. It could occur in nvme_cmb_ops routines in nvme devices. A guest user/process could use this flaw to crash the QEMU process resulting in DoS or potentially run arbitrary code with privileges of the QEMU process. Upstream patch: --------------- -> https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg00200.html References: https://bugzilla.redhat.com/show_bug.cgi?id=1644052 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16847 http://seclists.org/oss-sec/2018/q4/124 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16847 https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg00200.html
Support for Controller Memory Buffers (CMB) in the NVM Express Controller driver for upstream Xen qemu was added in May of 2017. See commit a896f7f26a1a0417322463439825073c1a917e41 This means that no shipping version of the upstream Xen qemu has the code being patched by this fix. The upstream Xen qemu was dropped in SLE12-SP2. SLE12-SP1 upstream Xen qemu pre-dates the existence of CMB in the driver. So nothing on the Xen side to be patched. We can close this bug.
thx for checking!