QEMU: NVME: Arbitrary Memory Read. A stack buffer overflow flaw was found in NVME in QEMU. The flaw lies in hw/nvme/ctrl.c:nvme_changed_nslist() where a variable named off (Log Page offset) is controlled by guest which if set to bigger than 4096 could lead to an integer underflow. Another variable buf_len can also be partially controlled by the guest which would lead to a stack buffer overflow. Since this flaw allows an attacker to read out of bounds memory it could lead to disclosure of sensitive information. CREATE(Triage):(User=admin) CVE-2021-39474 (https://nvd.nist.gov/vuln/detail/CVE-2021-39474)
