Qemu emulator built with the IDE AHCI Emulation support is vulnerable to a use after free issue. It could occur after processing AHCI Native Command Queuing (NCQ) AIO commands. A privileged user inside guest could use this flaw to crash the Qemu process instance or potentially execute arbitrary code with privileges of the Qemu process on the host.

Upstream fix:
-------------
  -> https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg01184.html

Reference:
----------
  -> http://www.openwall.com/lists/oss-security/2016/01/09/2
Statement: (none)
Created xen tracking bugs for this issue: Affects: fedora-all [bug 1297024]
Created qemu tracking bugs for this issue: Affects: fedora-all [bug 1297023]
qemu-2.4.1-6.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in the following products: OpenStack 7 For RHEL 7 Via RHSA-2016:0088 https://rhn.redhat.com/errata/RHSA-2016-0088.html
This issue has been addressed in the following products: OpenStack 6 for RHEL 7 Via RHSA-2016:0087 https://rhn.redhat.com/errata/RHSA-2016-0087.html
This issue has been addressed in the following products: OpenStack 5 for RHEL 7 Via RHSA-2016:0086 https://rhn.redhat.com/errata/RHSA-2016-0086.html
This issue has been addressed in the following products: RHEV 3.6 For IBM Power Systems RHEV-H and Agents for RHEL-7 Via RHSA-2016:0084 https://rhn.redhat.com/errata/RHSA-2016-0084.html