PT-2016-1740 · Qemu+3 · Qemu+3

Qinghao Tang

Published

2016-01-11

Updated

2024-06-15

CVE-2016-1568

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions QEMU (affected versions not specified)

Description The issue is related to a use-after-free vulnerability in the hw/ide/ahci.c component of QEMU, specifically when it is built with IDE AHCI Emulation support. This vulnerability can be exploited by guest OS users, potentially allowing them to cause a denial of service, such as crashing the instance, or possibly execute arbitrary code. The exploitation is linked to an invalid AHCI Native Command Queuing (NCQ) AIO command.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALT-PU-2016-1565

BDU:2016-01066

CVE-2016-1568

DSA-3469-1

DSA-3470-1

DSA-3471-1

MGASA-2016-0023

OPENSUSE-SU-2016_0914-1

OPENSUSE-SU-2016_0995-1

OPENSUSE-SU-2016_1750-1

OPENSUSE-SU-2024:10196-1

RHSA-2016:0084

RHSA-2016:0086

RHSA-2016:0087

RHSA-2016:0088

SUSE-SU-2016:0873-1

SUSE-SU-2016:0955-1

SUSE-SU-2016:1318-1

SUSE-SU-2016:1560-1

SUSE-SU-2016:1698-1

SUSE-SU-2016:1703-1

SUSE-SU-2016:1745-1

SUSE-SU-2016:1785-1

USN-2891-1

Affected Products

Alt Linux

Qemu

Suse

Ubuntu

PT-2016-1740 · Qemu+3 · Qemu+3

CVE-2016-1568

Weakness Enumeration

Related Identifiers

Affected Products

References · 439