CVE-2023-40360

Ubuntu Security Notice USN-6567-2

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

QEMU through 8.0.4 accesses a NULL pointer in nvme_directive_receive in hw/nvme/ctrl.c because there is no check for whether an endurance group is configured before checking whether Flexible Data Placement is enabled.

QEMU hasta 8.0.4 accede a un puntero NULL en nvme_directive_receive en hw/nvme/ctrl.c porque no se verifica si un grupo de resistencia está configurado antes de verificar si la Ubicación Flexible de Datos está habilitada.

Gaoning Pan and Xingwei Li discovered that QEMU incorrectly handled the USB xHCI controller device. A privileged guest attacker could possibly use this issue to cause QEMU to crash, leading to a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. It was discovered that QEMU incorrectly handled the TCG Accelerator. A local attacker could use this issue to cause QEMU to crash, leading to a denial of service, or possibly execute arbitrary code and escalate privileges. This issue only affected Ubuntu 20.04 LTS.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2023-08-14 CVE Reserved
2023-08-14 CVE Published
2024-08-02 CVE Updated
2024-08-02 First Exploit
2025-04-15 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-476: NULL Pointer Dereference

CAPEC

References (4)

URL	Tag	Source
https://security.netapp.com/advisory/ntap-20230915-0004	Third Party Advisory

URL	Date	SRC
https://gitlab.com/qemu-project/qemu/-/issues/1815	2024-08-02

URL	Date	SRC
https://gitlab.com/birkelund/qemu/-/commit/6c8f8456cb0b239812dee5211881426496da7b98	2023-12-11

URL	Date	SRC
https://www.qemu.org/docs/master/system/security.html	2023-12-11

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Qemu Search vendor "Qemu"		Qemu Search vendor "Qemu" for product "Qemu"				>= 8.0.0 <= 8.0.4 Search vendor "Qemu" for product "Qemu" and version " >= 8.0.0 <= 8.0.4"		-		Affected