CVE-2023-40360
N/A
N/A
Summary
QEMU through 8.0.4 accesses a NULL pointer in nvme_directive_receive in hw/nvme/ctrl.c because there is no check for whether an endurance group is configured before checking whether Flexible Data Placement is enabled.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://gitlab.com/qemu-project/qemu/-/issues/1815
- https://gitlab.com/birkelund/qemu/-/commit/6c8f8456cb0b239812dee5211881426496da7b98
- https://www.qemu.org/docs/master/system/security.html
- https://security.netapp.com/advisory/ntap-20230915-0004/
References
- https://gitlab.com/qemu-project/qemu/-/issues/1815
- https://gitlab.com/birkelund/qemu/-/commit/6c8f8456cb0b239812dee5211881426496da7b98
- https://www.qemu.org/docs/master/system/security.html
- https://security.netapp.com/advisory/ntap-20230915-0004/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.