CVE-2018-16847 QEMU: nvme: Out-of-bounds r/w buffer access in cmb operations

[P J P <ppandit () redhat com>]

  Hello,

An OOB heap buffer r/w access issue was found in the NVM Express Controller 
emulation in QEMU.  It could occur in nvme_cmb_ops routines in nvme devices. A 
guest user/process could use this flaw to crash the QEMU process resulting in 
DoS or potentially run arbitrary code with privileges of the QEMU process.

Upstream patch:
---------------
  -> https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg00200.html

This issue was found and reported by Li Qiang. 'CVE-2018-16847' assigned by 
Red Hat Inc.

Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F