A use-after-free flaw was found in the way QEMU's IDE AHCI emulator processed certain AHCI Native Command Queuing (NCQ) AIO commands. A privileged guest user could use this flaw to crash the QEMU process instance or, potentially, execute arbitrary code on the host with privileges of the QEMU process.
Find out more about CVE-2016-1568 from the MITRE CVE dictionary dictionary and NIST NVD.
| Base Score | 4 |
|---|---|
| Base Metrics | AV:A/AC:H/Au:S/C:P/I:P/A:P |
| Access Vector | Adjacent Network |
| Access Complexity | High |
| Authentication | Single |
| Confidentiality Impact | Partial |
| Integrity Impact | Partial |
| Availability Impact | Partial |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7 (qemu-kvm-rhev) | RHSA-2016:0087 | 2016-01-28 |
| Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts (qemu-kvm-rhev) | RHSA-2016:0084 | 2016-01-28 |
| Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7 (qemu-kvm-rhev) | RHSA-2016:0088 | 2016-01-28 |
| Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7 (qemu-kvm-rhev) | RHSA-2016:0086 | 2016-01-28 |
| RHEV Power Host (qemu-kvm-rhev) | RHSA-2016:0084 | 2016-01-28 |
| Platform | Package | State |
|---|---|---|
| Red Hat OpenStack Platform 8.0 (Liberty) | qemu-kvm-rhev | Affected |
| Red Hat Enterprise Linux 7 | qemu-kvm | Affected |
| Red Hat Enterprise Linux 6 | qemu-kvm | Not affected |
| Red Hat Enterprise Linux 6 | qemu-kvm-rhev | Not affected |
| Red Hat Enterprise Linux 5 | kvm | Not affected |
| Red Hat Enterprise Linux 5 | xen | Not affected |
Vulmon