Summary: | <app-emulation/qemu-2.5.0-r1: ide: ahci use-after-free vulnerability in aio port commands (CVE-2016-1568) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | qemu+disabled |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.openwall.com/lists/oss-security/2016/01/09/1 | ||
Whiteboard: | B2 [glsa cleanup cve] | ||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2016-01-11 17:04:02 UTC
fix is in qemu-2.5.0-r1 in the tree now
http://gitweb.gentoo.org/repo/gentoo.git/commit/?id=96bdea53ec5c2e6d80e30b288043e34bfc766e25

@vapier: is fine to stabilize 2.5.0-r1?

(In reply to Agostino Sarubbo from comment #2)
> @vapier: is fine to stabilize 2.5.0-r1?

Should be. Get the arches going.

amd64 stable

x86 stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.

Added to existing GLSA draft

CVE-2016-1568 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1568):
A use-after-free vulnerability was discovered in the QEMU emulator built with IDE AHCI emulation support. The flaw could occur after processing AHCI Native Command Queuing (NCQ) AIO commands. A privileged user inside the guest could use this flaw to crash the QEMU process instance (denial of service) or potentially execute arbitrary code on the host with QEMU-process privileges.

This issue was resolved and addressed in GLSA 201602-01 at https://security.gentoo.org/glsa/201602-01 by GLSA coordinator Kristian Fiskerstrand (K_F).