Lucene search
HistoryAug 14, 2023 - 6:15 p.m.
CVE-2023-40360
qemu
null pointer
nvme_directive_receive
flexible data placement
endurance group
CVSS3
5.5
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
AI Score
6.7
Confidence
High
EPSS
0.001
Percentile
19.6%
QEMU through 8.0.4 accesses a NULL pointer in nvme_directive_receive in hw/nvme/ctrl.c because there is no check for whether an endurance group is configured before checking whether Flexible Data Placement is enabled.
Affected configurations
Node
qemuqemuRange8.0.0–8.0.4
Related
debiancve
debiancve
CVE-2023-40360
2023-08-14 18:15:11
cvelist
cvelist
CVE-2023-40360
2023-08-14 00:00:00
redhatcve
redhatcve
CVE-2023-40360
2023-08-22 17:50:59
veracode
veracode
Denial Of Service (DoS)
2023-09-02 01:23:03
osv
osv
CVE-2023-40360
2023-08-14 18:15:11
qemu regression
2024-06-06 12:29:55
qemu vulnerabilities
2024-01-08 17:46:08
cve
cve
CVE-2023-40360
2023-08-14 18:15:11
ubuntucve
ubuntucve
CVE-2023-40360
2023-08-14 00:00:00
prion
prion
Null pointer dereference
2023-08-14 18:15:00
ubuntu
ubuntu
QEMU vulnerabilities
2024-01-08 00:00:00
QEMU regression
2024-06-06 00:00:00
nessus
nessus
Ubuntu 20.04 LTS / 22.04 LTS : QEMU regression (USN-6567-2)
2024-06-06 00:00:00
Oracle Linux 8 : virt:kvm_utils1 (ELSA-2024-12435)
2024-06-14 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-6567-1)
2024-01-09 00:00:00
oraclelinux
oraclelinux
virt:kvm_utils2 security update
2024-09-02 00:00:00
CVSS3
5.5
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
AI Score
6.7
Confidence
High
EPSS
0.001
Percentile
19.6%
Related for NVD:CVE-2023-40360