CVE-2016-1568Use After Free in Qemu

CWE-416Use After Free10 documents8 sources
Severity
8.8HIGHNVD
EPSS
0.3%
top 43.40%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
QemuDebian LinuxRedhat Openstack+1 more
Timeline
PublishedApr 12
Latest updateMay 13

Description

Use-after-free vulnerability in hw/ide/ahci.c in QEMU, when built with IDE AHCI Emulation support, allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via an invalid AHCI Native Command Queuing (NCQ) AIO command.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 2.0 | Impact: 6.0

Affected Packages4 packages

Debianqemu/qemu< 1:2.5+dfsg-2+3
NVDqemu/qemu2.5.1.1
NVDredhat/openstack5.0, 6.0, 7.0+2

Also affects: Debian Linux 7.0, 8.0

🔴Vulnerability Details

3
GHSA
GHSA-gx29-hhc2-825w: Use-after-free vulnerability in hw/ide/ahci2022-05-13
OSV
CVE-2016-1568: Use-after-free vulnerability in hw/ide/ahci2016-04-12
CVEList
CVE-2016-1568: Use-after-free vulnerability in hw/ide/ahci2016-04-08

📋Vendor Advisories

3
Ubuntu
QEMU vulnerabilities2016-02-03
Red Hat
Qemu: ide: ahci use-after-free vulnerability in aio port commands2016-01-08
Debian
CVE-2016-1568: qemu - Use-after-free vulnerability in hw/ide/ahci.c in QEMU, when built with IDE AHCI ...2016

💬Community

3
Bugzilla
CVE-2016-1568 qemu: Use-after-free vulnerability in ahci [fedora-all]2016-01-08
Bugzilla
CVE-2016-1568 xen: qemu: Use-after-free vulnerability in ahci [fedora-all]2016-01-08
Bugzilla
CVE-2016-1568 Qemu: ide: ahci use-after-free vulnerability in aio port commands2015-12-04
CVE-2016-1568 — Use After Free in Qemu | cvebase