NULL Pointer Dereference in QEMU's nvme_directive_receive() Function
CVE-2023-40360 · MEDIUM Severity
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
QEMU through 8.0.4 accesses a NULL pointer in nvme_directive_receive in hw/nvme/ctrl.c because there is no check for whether an endurance group is configured before checking whether Flexible Data Placement is enabled.
Learn more about our Web Application Penetration Testing UK.