First published: Fri Dec 04 2015
Last updated 24 July 2024
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
QEMU qemu | <=2.5.1.1 | |
Redhat Openstack | =6.0 | |
Redhat Openstack | =7.0 | |
Redhat Openstack | =5.0 | |
Redhat Virtualization | =3.0 | |
Redhat Enterprise Linux | =7.0 | |
Debian Debian Linux | =7.0 | |
Debian Debian Linux | =8.0 | |
All of | ||
Any of | ||
Redhat Openstack | =5.0 | |
Redhat Virtualization | =3.0 | |
Redhat Enterprise Linux | =7.0 | |
debian/qemu | 1:5.2+dfsg-11+deb11u3, 1:5.2+dfsg-11+deb11u2, 1:7.2+dfsg-7+deb12u7, 1:9.2.0+ds-2 | |
CVE-2016-1568 is a use-after-free vulnerability in QEMU's IDE AHCI Emulation support.
CVE-2016-1568 allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via an invalid AHCI Native Command Queuing (NCQ) AIO command.
CVE-2016-1568 has a severity rating of high (7).
QEMU versions 2.0.0+dfsg-2ubuntu1.22, 1:2.3+dfsg-5ubuntu9.2, 1.0+, and Debian versions 1:3.1+dfsg-8+deb10u8, 1:3.1+dfsg-8+deb10u10, 1:5.2+dfsg-11+deb11u2, 1:7.2+dfsg-7+deb12u1, 1:8.0.4+dfsg-3, 1:8.1.0+ds-6 are affected.
To fix CVE-2016-1568, update to QEMU version 2.0.0+dfsg-2ubuntu1.22 (for Ubuntu), 1:2.3+dfsg-5ubuntu9.2 (for Ubuntu), 1.0+ (for Ubuntu), 1:3.1+dfsg-8+deb10u8, 1:3.1+dfsg-8+deb10u10, 1:5.2+dfsg-11+deb11u2, 1:7.2+dfsg-7+deb12u1, 1:8.0.4+dfsg-3, or 1:8.1.0+ds-6 (for Debian).