PT-2016-1740 · Qemu+3 · Qemu+3

Qinghao Tang

Publicado

2016-01-11

Atualizado

2024-06-15

CVE-2016-1568

CVSS v2.0

9.3

Alta

Vetor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions QEMU (affected versions not specified)

Description The issue is related to a use-after-free vulnerability in the hw/ide/ahci.c component of QEMU, specifically when it is built with IDE AHCI Emulation support. This vulnerability can be exploited by guest OS users, potentially allowing them to cause a denial of service, such as crashing the instance, or possibly execute arbitrary code. The exploitation is linked to an invalid AHCI Native Command Queuing (NCQ) AIO command.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Use After Free

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-416

Identificadores relacionados

ALT-PU-2016-1565

BDU:2016-01066

CVE-2016-1568

DSA-3469-1

DSA-3470-1

DSA-3471-1

MGASA-2016-0023

OPENSUSE-SU-2016_0914-1

OPENSUSE-SU-2016_0995-1

OPENSUSE-SU-2016_1750-1

OPENSUSE-SU-2024:10196-1

RHSA-2016:0084

RHSA-2016:0086

RHSA-2016:0087

RHSA-2016:0088

SUSE-SU-2016:0873-1

SUSE-SU-2016:0955-1

SUSE-SU-2016:1318-1

SUSE-SU-2016:1560-1

SUSE-SU-2016:1698-1

SUSE-SU-2016:1703-1

SUSE-SU-2016:1745-1

SUSE-SU-2016:1785-1

USN-2891-1

Produtos afetados

Alt Linux

Qemu

Suse

Ubuntu

PT-2016-1740 · Qemu+3 · Qemu+3

CVE-2016-1568

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 439