Main Vulnerability Database SB2018121713

SB2018121713 - OpenSUSE Linux update for qemu

Published: December 17, 2018

Security Bulletin ID SB2018121713

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Adjecent network

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Heap out-of-bounds read (CVE-ID: CVE-2018-16847)

The vulnerability allows an adjacent attacker to cause DoS condition on the target system.

The vulnerability exists in nvme_cmb_ops routines in nvme device due to OOB heap buffer read access issue in the NVM Express Controller emulation'. An adjacent attacker can crash the QEMU process resulting in DoS or potentially run arbitrary code with privileges of the QEMU process.

Remediation

Install update from vendor's website.

References

https://lists.opensuse.org/opensuse-security-announce/2018-12/msg00036.html