Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2016-1568

Опубликовано: 12 апр. 2016
Источник: debian
EPSS Низкий

Описание

Use-after-free vulnerability in hw/ide/ahci.c in QEMU, when built with IDE AHCI Emulation support, allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via an invalid AHCI Native Command Queuing (NCQ) AIO command.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
qemufixed1:2.5+dfsg-2package
qemunot-affectedsqueezepackage
qemu-kvmremovedpackage
qemu-kvmnot-affectedsqueezepackage

Примечания

  • Fixed by: https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg01184.html

  • ahci emulation added in: http://git.qemu.org/?p=qemu.git;a=commit;h=f6ad2e32f8d833c7f1c75dc084a84a8f02704d64 (v0.14.0-rc0)

  • https://bugzilla.redhat.com/show_bug.cgi?id=1288532

  • https://www.openwall.com/lists/oss-security/2016/01/09/1

EPSS

Процентиль: 56%
0.0033
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2016-1568

CVSS3: 8.8
ubuntu
почти 10 лет назад

Use-after-free vulnerability in hw/ide/ahci.c in QEMU, when built with IDE AHCI Emulation support, allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via an invalid AHCI Native Command Queuing (NCQ) AIO command.

redhat логотип

CVE-2016-1568

redhat
около 10 лет назад

Use-after-free vulnerability in hw/ide/ahci.c in QEMU, when built with IDE AHCI Emulation support, allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via an invalid AHCI Native Command Queuing (NCQ) AIO command.

nvd логотип

CVE-2016-1568

CVSS3: 8.8
nvd
почти 10 лет назад

Use-after-free vulnerability in hw/ide/ahci.c in QEMU, when built with IDE AHCI Emulation support, allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via an invalid AHCI Native Command Queuing (NCQ) AIO command.

github логотип

GHSA-gx29-hhc2-825w

CVSS3: 8.8
github
больше 3 лет назад

Use-after-free vulnerability in hw/ide/ahci.c in QEMU, when built with IDE AHCI Emulation support, allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via an invalid AHCI Native Command Queuing (NCQ) AIO command.

fstec логотип

BDU:2016-01066

fstec
почти 10 лет назад

Уязвимость эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

EPSS

Процентиль: 56%
0.0033
Низкий