Bug 1214287 (CVE-2023-40360) - VUL-0: CVE-2023-40360: kvm,qemu: NULL pointer in nvme_directive_receive in hw/nvme/ctrl.c
Status: RESOLVED FIXED
Alias: CVE-2023-40360
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P3 - Medium; Severity: Normal
Target Milestone: ---
Assignee: E-mail List
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/375293/
Whiteboard: CVSSv3.1:SUSE:CVE-2023-40360:5.5:(AV:...
Reported: 2023-08-15 09:45 UTC by Cathy Hu
Modified: 2024-05-24 09:07 UTC
Found By: Security Response Team


Description Cathy Hu 2023-08-15 09:45:28 UTC
CVE-2023-40360

QEMU through 8.0.4 accesses a NULL pointer in nvme_directive_receive in
hw/nvme/ctrl.c because there is no check for whether an endurance group is
configured before checking whether Flexible Data Placement is enabled.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40360
https://www.cve.org/CVERecord?id=CVE-2023-40360
https://gitlab.com/birkelund/qemu/-/commit/6c8f8456cb0b239812dee5211881426496da7b98
https://gitlab.com/qemu-project/qemu/-/issues/1815
https://www.qemu.org/docs/master/system/security.html
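
The missing check described above, as an added example that is not part of the bug report or of QEMU's code: a simplified C model that places the unchecked flag read beside the ordering that tests for a configured endurance group first. Every type, function and status name in it is hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified model; all names are hypothetical, not QEMU's definitions. */
enum model_status { ST_SUCCESS = 0, ST_INVALID_FIELD = 1 };

struct model_endgrp { bool fdp_enabled; };

struct model_ns {
    struct model_endgrp *endgrp; /* NULL when no endurance group is configured */
};

/* Pattern from the report: the Flexible Data Placement flag is read through
 * endgrp without checking that an endurance group exists. With
 * ns->endgrp == NULL this dereferences a NULL pointer. */
enum model_status directive_receive_unchecked(const struct model_ns *ns)
{
    if (!ns->endgrp->fdp_enabled) {
        return ST_INVALID_FIELD;
    }
    return ST_SUCCESS;
}

/* Hardened ordering: test for a configured endurance group first. The ||
 * short-circuits, so the flag is only read through a non-NULL pointer. */
enum model_status directive_receive_checked(const struct model_ns *ns)
{
    if (ns->endgrp == NULL || !ns->endgrp->fdp_enabled) {
        return ST_INVALID_FIELD;
    }
    return ST_SUCCESS;
}

int main(void)
{
    /* Constructed cases: no group, group with FDP off, group with FDP on. */
    struct model_endgrp off = { false }, on = { true };
    struct model_ns cases[] = { { NULL }, { &off }, { &on } };
    const char *label[] = { "no endurance group", "FDP disabled", "FDP enabled" };
    for (size_t i = 0; i < 3; i++) {
        printf("%-20s -> status %d\n", label[i],
               (int)directive_receive_checked(&cases[i]));
    }
    return 0;
}
```

The unchecked variant is never called on the namespace without an endurance group, since that call is the crash the report describes.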
Comment 1 Cathy Hu 2023-08-15 09:46:33 UTC
Fixing commit: https://gitlab.com/qemu-project/qemu/-/commit/6c8f8456cb0b239812dee5211881426496da7b98

Affected: 
- SUSE:ALP:Source:Standard:1.0/qemu
- openSUSE:Factory/qemu
Comment 5 Robert Frohl 2024-05-24 09:07:21 UTC
done, closing