#VU16556 Heap out-of-bounds read in QEMU - CVE-2018-16847


Vulnerability identifier: #VU16556

Vulnerability risk: Low

CVSSv4.0: 6.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-16847

CWE-ID: CWE-125

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
QEMU
Client/Desktop applications / Virtualization software

Vendor: QEMU

Description

The vulnerability allows an adjacent attacker to cause a denial of service (DoS) condition on the target system.

The vulnerability exists in the nvme_cmb_ops routines of the nvme device due to an out-of-bounds (OOB) heap buffer read in the NVM Express Controller emulation. An adjacent attacker can crash the QEMU process, resulting in DoS, or potentially run arbitrary code with the privileges of the QEMU process.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

QEMU: 0.1 - 2.12.50


External links
https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg00200.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

