CVE-2016-1568

NameCVE-2016-1568
DescriptionUse-after-free vulnerability in hw/ide/ahci.c in QEMU, when built with IDE AHCI Emulation support, allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via an invalid AHCI Native Command Queuing (NCQ) AIO command.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-3469-1, DSA-3470-1, DSA-3471-1
NVD severityhigh (attack range: remote)
Debian Bugs810527

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
qemu (PTS)wheezy1.1.2+dfsg-6a+deb7u12fixed
wheezy (security)1.1.2+dfsg-6+deb7u24fixed
jessie (security), jessie1:2.1+dfsg-12+deb8u6fixed
stretch1:2.8+dfsg-6+deb9u2fixed
stretch (security)1:2.8+dfsg-6+deb9u3fixed
buster, sid1:2.10.0+dfsg-2fixed
qemu-kvm (PTS)wheezy1.1.2+dfsg-6+deb7u12fixed
wheezy (security)1.1.2+dfsg-6+deb7u24fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
qemusource(unstable)1:2.5+dfsg-2high810527
qemusourcejessie1:2.1+dfsg-12+deb8u5ahighDSA-3471-1
qemusourcesqueeze(not affected)
qemusourcewheezy1.1.2+dfsg-6a+deb7u12highDSA-3469-1
qemu-kvmsource(unstable)(unfixed)high
qemu-kvmsourcesqueeze(not affected)
qemu-kvmsourcewheezy1.1.2+dfsg-6+deb7u12highDSA-3470-1

Notes

[squeeze] - qemu <not-affected> (Vulnerable code introduced later)
[squeeze] - qemu-kvm <not-affected> (Vulnerable code introduced later)
Fixed by: https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg01184.html
ahci emulation added in: http://git.qemu.org/?p=qemu.git;a=commit;h=f6ad2e32f8d833c7f1c75dc084a84a8f02704d64 (v0.14.0-rc0)
https://bugzilla.redhat.com/show_bug.cgi?id=1288532
http://www.openwall.com/lists/oss-security/2016/01/09/1

Search for package or bug name: Reporting problems