Description
An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vfs in hw/pci/pcie_sriov.c does not set NumVFs to PCI_SRIOV_TOTAL_VF, and thus interaction with hw/nvme/ctrl.c is mishandled.
A flaw was found in the NVMe emulation support of QEMU. The register_vfs() function in hw/pci/pcie_sriov.c does not set NumVFs to PCI_SRIOV_TOTAL_VF, causing the interaction with hw/nvme/ctrl.c to be mishandled. This issue could lead to out-of-bounds memory access in hw/nvme. This flaw allows a malicious guest to crash QEMU and cause a denial of service condition.
Statement
The affected code path can only be reached if dev->exp.sriov_cap is set, for example when QEMU is explicitly launched with the hw/nvme SR-IOV emulation enabled (the sriov_max_vfs parameter is set). The emulation is used exclusively to emulate NVMe devices with SR-IOV capabilities for host software development purposes. Thus, the security impact of this CVE is Low.

The qemu-kvm versions shipped with Red Hat Enterprise Linux and RHEL Advanced Virtualization are not affected by this flaw, as they did not include support for NVMe emulation.
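The NumVFs versus TotalVFs invariant the description refers to, shown as an added model in C (this is not QEMU's hw/pci/pcie_sriov.c; the type, field and function names are constructed): the unchecked write stores the guest value as-is, the checked write caps it at TotalVFs, and the register_vfs()-style loop re-validates the invariant before indexing per-VF state.

```c
/* Added illustration of the NumVFs/TotalVFs invariant; a model, not QEMU's code.
 * TotalVFs is fixed by the device model at init; NumVFs is guest-writable and
 * is the bound a register_vfs()-style loop uses to walk per-VF state. */
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define MODEL_MAX_VFS 8               /* size of the per-VF state array (constructed) */

typedef struct {
    uint16_t total_vfs;               /* TotalVFs (PCI_SRIOV_TOTAL_VF): read-only */
    uint16_t num_vfs;                 /* NumVFs: written by the guest */
    bool     vf_enabled[MODEL_MAX_VFS];
} sriov_model;

void sriov_init(sriov_model *m, uint16_t total_vfs)
{
    memset(m, 0, sizeof(*m));
    m->total_vfs = total_vfs < MODEL_MAX_VFS ? total_vfs : MODEL_MAX_VFS;
}

/* The pattern the advisory describes: the guest value is stored as-is, so
 * NumVFs may exceed TotalVFs and a later loop would index past the VF array. */
void numvfs_write_unchecked(sriov_model *m, uint16_t val)
{
    m->num_vfs = val;
}

/* Hardened write: NumVFs is capped at TotalVFs, the bound named in the
 * advisory. Returns the value actually stored. */
uint16_t numvfs_write_checked(sriov_model *m, uint16_t val)
{
    m->num_vfs = val > m->total_vfs ? m->total_vfs : val;
    return m->num_vfs;
}

/* register_vfs()-style enable loop. Re-validates the invariant before
 * touching the array and returns -1 instead of walking out of bounds. */
int register_vfs_model(sriov_model *m)
{
    if (m->num_vfs > m->total_vfs) {
        return -1;
    }
    for (uint16_t i = 0; i < m->num_vfs; i++) {
        m->vf_enabled[i] = true;
    }
    return m->num_vfs;
}
```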
Affected packages
Platform | Package | State | Advisory | Release
---|---|---|---|---
Red Hat Enterprise Linux 6 | qemu-kvm | Not affected | |
Red Hat Enterprise Linux 7 | qemu-kvm | Not affected | |
Red Hat Enterprise Linux 7 | qemu-kvm-ma | Not affected | |
Red Hat Enterprise Linux 8 | virt:rhel/qemu-kvm | Not affected | |
Red Hat Enterprise Linux 8 Advanced Virtualization | virt:av/qemu-kvm | Not affected | |
Red Hat Enterprise Linux 9 | qemu-kvm | Not affected | |
Additional information
EPSS
4.7 Medium
CVSS3