CVE-2016-1568high
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
Use-after-free vulnerability in hw/ide/ahci.c in QEMU, when built with IDE AHCI Emulation support, allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via an invalid AHCI Native Command Queuing (NCQ) AIO command.
References
http://git.qemu.org/?p=qemu.git;a=commit;h=4ab0359a8ae182a7ac5c99609667273167703fab
http://rhn.redhat.com/errata/RHSA-2016-0084.html
http://rhn.redhat.com/errata/RHSA-2016-0086.html
http://rhn.redhat.com/errata/RHSA-2016-0087.html
http://rhn.redhat.com/errata/RHSA-2016-0088.html
http://www.debian.org/security/2016/dsa-3469
http://www.debian.org/security/2016/dsa-3470
http://www.debian.org/security/2016/dsa-3471
http://www.openwall.com/lists/oss-security/2016/01/09/1
http://www.openwall.com/lists/oss-security/2016/01/09/2
http://www.securityfocus.com/bid/80191
Details
Source: MITRE
Published: 2016-04-12
Updated: 2020-10-15
Type: CWE-416
Risk Information
CVSS v2
Base Score: 6.9
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Impact Score: 10
Exploitability Score: 3.4
Severity: MEDIUM
CVSS v3
Base Score: 8.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Impact Score: 6
Exploitability Score: 2
Severity: HIGH
Vulnerable Software
Configuration 1
OR
cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:* versions up to 2.5.1.1 (inclusive)
Configuration 2
OR
Configuration 3
AND
OR
OR
Configuration 4
OR
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 135559 | EulerOS 2.0 SP3 : qemu-kvm (EulerOS-SA-2020-1430) | Nessus | Huawei Local Security Checks | critical |
| 131585 | EulerOS 2.0 SP2 : qemu-kvm (EulerOS-SA-2019-2431) | Nessus | Huawei Local Security Checks | critical |
| 117310 | RHEL 7 : qemu-kvm-rhev (RHSA-2016:0084) | Nessus | Red Hat Local Security Checks | high |
| 93180 | SUSE SLES11 Security Update : kvm (SUSE-SU-2016:1785-1) | Nessus | SuSE Local Security Checks | critical |
| 93177 | SUSE SLES11 Security Update : xen (SUSE-SU-2016:1745-1) | Nessus | SuSE Local Security Checks | critical |
| 93170 | SUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2016:1703-1) | Nessus | SuSE Local Security Checks | critical |
| 93169 | SUSE SLES11 Security Update : kvm (SUSE-SU-2016:1698-1) | Nessus | SuSE Local Security Checks | critical |
| 91980 | openSUSE Security Update : qemu (openSUSE-2016-839) | Nessus | SuSE Local Security Checks | critical |
| 91660 | SUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2016:1560-1) | Nessus | SuSE Local Security Checks | critical |
| 91249 | SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2016:1318-1) | Nessus | SuSE Local Security Checks | critical |
| 90478 | openSUSE Security Update : xen (openSUSE-2016-439) | Nessus | SuSE Local Security Checks | critical |
| 90396 | SUSE SLED11 / SLES11 Security Update : xen (SUSE-SU-2016:0955-1) | Nessus | SuSE Local Security Checks | critical |
| 90260 | openSUSE Security Update : xen (openSUSE-2016-413) | Nessus | SuSE Local Security Checks | critical |
| 90186 | SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2016:0873-1) | Nessus | SuSE Local Security Checks | critical |
| 89526 | Fedora 23 : qemu-2.4.1-6.fc23 (2016-42778e8c82) | Nessus | Fedora Local Security Checks | high |
| 88630 | Debian DSA-3471-1 : qemu - security update | Nessus | Debian Local Security Checks | critical |
| 88629 | Debian DSA-3470-1 : qemu-kvm - security update | Nessus | Debian Local Security Checks | critical |
| 88628 | Debian DSA-3469-1 : qemu - security update | Nessus | Debian Local Security Checks | critical |
| 88587 | GLSA-201602-01 : QEMU: Multiple vulnerabilities (Venom) | Nessus | Gentoo Local Security Checks | critical |
| 88576 | Ubuntu 12.04 LTS / 14.04 LTS / 15.10 : qemu, qemu-kvm vulnerabilities (USN-2891-1) | Nessus | Ubuntu Local Security Checks | high |