What the vulnerability does

01Description

A stack-buffer-overflow was found in QEMU in the NVME component. The flaw lies in nvme_changed_nslist() where a malicious guest controlling certain input can read out of bounds memory. A malicious user could use this flaw leading to disclosure of sensitive information.

Key dates

02Disclosure timeline

February 18, 2022 CVE published
August 3, 2024 Record updated