CVE-2023-40360 — QEMU through 8

QEMU through 8.0.4 accesses a NULL pointer in nvme_directive_receive in hw/nvme/ctrl.c because there is no check for whether an endurance group is configured before checking whether Flexible Data Placement is enabled.

01What is this vulnerability?

QEMU through 8.0.4 accesses a NULL pointer in nvme_directive_receive in hw/nvme/ctrl.c because there is no check for whether an endurance group is configured before checking whether Flexible Data Placement is enabled.

02Affected products

Vendor	Product	Versions
n	a / n/a	n/a

03Active exploitation status

Not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog. EPSS is the best forward-looking signal — see the EPSS row above.

04Recommended remediation

• Patch to a fixed version listed in the vendor advisory (see references below).
• Mitigate with WAF rules, network egress filters, or feature flags where the patch is not yet available.
• Hunt historical logs for exploitation indicators — see Detection signatures below.

05Technical details

For the full vendor write-up, exploit chains, and reference implementations, see the references list in section 09.

06Detection signatures

Open the Sigma generator with a pre-filled prompt for this CVE to draft a starting detection in your stack of choice:

Open in Sigma generator →

07Related CVEs

No directly-cited follow-up CVEs in the KB record for this advisory. The references list in section 09 carries the vendor cross-references.

08Timeline

• Published: 2023-08-14T00:00:00.000Z
• Last modified: 2024-08-02T18:31:53.797Z

09References

• gitlab.com — https://gitlab.com/qemu-project/qemu/-/issues/1815
• gitlab.com — https://gitlab.com/birkelund/qemu/-/commit/6c8f8456cb0b239812dee5211881426496da7…
• www.qemu.org — https://www.qemu.org/docs/master/system/security.html
• security.netapp.com — https://security.netapp.com/advisory/ntap-20230915-0004/