QEMU through 8.0.4 accesses a NULL pointer in nvme_directive_receive in hw/nvme/ctrl.c because there is no check for whether an endurance group is configured before checking whether Flexible Data Placement is enabled.
References
Link | Resource |
---|---|
https://gitlab.com/birkelund/qemu/-/commit/6c8f8456cb0b239812dee5211881426496da7b98 | Patch |
https://gitlab.com/qemu-project/qemu/-/issues/1815 | Exploit Issue Tracking Vendor Advisory |
https://security.netapp.com/advisory/ntap-20230915-0004/ | Third Party Advisory |
https://www.qemu.org/docs/master/system/security.html | Vendor Advisory |
https://gitlab.com/birkelund/qemu/-/commit/6c8f8456cb0b239812dee5211881426496da7b98 | Patch |
https://gitlab.com/qemu-project/qemu/-/issues/1815 | Exploit Issue Tracking Vendor Advisory |
https://security.netapp.com/advisory/ntap-20230915-0004/ | Third Party Advisory |
https://www.qemu.org/docs/master/system/security.html | Vendor Advisory |
Configurations
History
21 Nov 2024, 08:19
Type | Values Removed | Values Added |
---|---|---|
References | () https://gitlab.com/birkelund/qemu/-/commit/6c8f8456cb0b239812dee5211881426496da7b98 - Patch | |
References | () https://gitlab.com/qemu-project/qemu/-/issues/1815 - Exploit, Issue Tracking, Vendor Advisory | |
References | () https://security.netapp.com/advisory/ntap-20230915-0004/ - Third Party Advisory | |
References | () https://www.qemu.org/docs/master/system/security.html - Vendor Advisory |
11 Dec 2023, 18:34
Type | Values Removed | Values Added |
---|---|---|
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20230915-0004/ - Third Party Advisory |
15 Sep 2023, 14:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
24 Aug 2023, 02:19
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-476 | |
CPE | cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:* | |
First Time |
Qemu
Qemu qemu |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.5 |
References | (MISC) https://www.qemu.org/docs/master/system/security.html - Vendor Advisory | |
References | (MISC) https://gitlab.com/birkelund/qemu/-/commit/6c8f8456cb0b239812dee5211881426496da7b98 - Patch | |
References | (MISC) https://gitlab.com/qemu-project/qemu/-/issues/1815 - Exploit, Issue Tracking, Vendor Advisory |
14 Aug 2023, 18:59
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-08-14 18:15
Updated : 2024-11-21 08:19
NVD link : CVE-2023-40360
Mitre link : CVE-2023-40360
CVE.ORG link : CVE-2023-40360
JSON object : View
Products Affected
qemu
- qemu
CWE
CWE-476
NULL Pointer Dereference