CVE-2015-3456

HIGH

Description

The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM.

References

http://git.qemu.org/?p=qemu.git;a=commitdiff;h=e907746266721f305d67bc0718795fedee2e824c

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10693

http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158072.html

http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00009.html

http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00013.html

http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00014.html

http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00018.html

http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00019.html

http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00021.html

http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00042.html

http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00001.html

http://lists.opensuse.org/opensuse-updates/2015-08/msg00021.html

http://marc.info/?l=bugtraq&m=143229451215900&w=2

http://marc.info/?l=bugtraq&m=143387998230996&w=2

http://rhn.redhat.com/errata/RHSA-2015-0998.html

http://rhn.redhat.com/errata/RHSA-2015-0999.html

http://rhn.redhat.com/errata/RHSA-2015-1000.html

http://rhn.redhat.com/errata/RHSA-2015-1001.html

http://rhn.redhat.com/errata/RHSA-2015-1002.html

http://rhn.redhat.com/errata/RHSA-2015-1003.html

http://rhn.redhat.com/errata/RHSA-2015-1004.html

http://rhn.redhat.com/errata/RHSA-2015-1011.html

http://support.citrix.com/article/CTX201078

http://venom.crowdstrike.com/

http://www.debian.org/security/2015/dsa-3259

http://www.debian.org/security/2015/dsa-3262

http://www.debian.org/security/2015/dsa-3274

http://www.fortiguard.com/advisory/2015-05-19-cve-2015-3456-venom-vulnerability

http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

http://www.securityfocus.com/bid/74640

http://www.securitytracker.com/id/1032306

http://www.securitytracker.com/id/1032311

http://www.securitytracker.com/id/1032917

http://www.ubuntu.com/usn/USN-2608-1

http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-438937.htm

http://xenbits.xen.org/xsa/advisory-133.html

https://access.redhat.com/articles/1444903

https://bto.bluecoat.com/security-advisory/sa95

https://kb.juniper.net/JSA10783

https://kc.mcafee.com/corporate/index?page=content&id=SB10118

https://security.gentoo.org/glsa/201602-01

https://security.gentoo.org/glsa/201604-03

https://security.gentoo.org/glsa/201612-27

https://securityblog.redhat.com/2015/05/13/venom-dont-get-bitten/

https://support.lenovo.com/us/en/product_security/venom

https://www.exploit-db.com/exploits/37053/

https://www.suse.com/security/cve/CVE-2015-3456.html

Details

Source: MITRE

Published: 2015-05-13

Updated: 2019-04-22

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 7.7

Vector: AV:A/AC:L/Au:S/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 5.1

Severity: HIGH

Tenable Plugins

View all (62 total)

IDNameProductFamilySeverity
104999Check Point Gaia Operating System VM escape and code execution (sk106060)(VENOM)NessusFirewalls
high
95695GLSA-201612-27 : VirtualBox: Multiple vulnerabilities (Venom)NessusGentoo Local Security Checks
high
90380GLSA-201604-03 : Xen: Multiple vulnerabilities (Venom)NessusGentoo Local Security Checks
high
88587GLSA-201602-01 : QEMU: Multiple vulnerabilities (Venom)NessusGentoo Local Security Checks
critical
85525openSUSE Security Update : virtualbox (openSUSE-2015-550) (Venom)NessusSuSE Local Security Checks
high
84551Debian DLA-268-1 : virtualbox-ose security update (Venom)NessusDebian Local Security Checks
high
84333openSUSE Security Update : xen (openSUSE-2015-434) (Venom)NessusSuSE Local Security Checks
high
84295Debian DLA-249-1 : qemu-kvm security update (Venom)NessusDebian Local Security Checks
high
84294Debian DLA-248-1 : qemu security update (Venom)NessusDebian Local Security Checks
high
84140OracleVM 3.2 : xen (OVMSA-2015-0068) (POODLE) (Venom)NessusOracleVM Local Security Checks
high
83965openSUSE Security Update : xen (openSUSE-2015-391) (Venom)NessusSuSE Local Security Checks
high
83889Debian DSA-3274-1 : virtualbox - security update (Venom)NessusDebian Local Security Checks
high
83859SUSE SLES11 Security Update : Xen (SUSE-SU-2015:0944-1) (Venom)NessusSuSE Local Security Checks
high
83858SUSE SLES11 Security Update : KVM (SUSE-SU-2015:0943-1) (Venom)NessusSuSE Local Security Checks
high
83856SUSE SLES11 Security Update : Xen (SUSE-SU-2015:0940-1) (Venom)NessusSuSE Local Security Checks
high
83854SUSE SLES11 Security Update : KVM (SUSE-SU-2015:0929-1) (Venom)NessusSuSE Local Security Checks
high
83853SUSE SLED11 / SLES11 Security Update : Xen (SUSE-SU-2015:0927-1) (Venom)NessusSuSE Local Security Checks
high
83852SUSE SLES10 Security Update : Xen (SUSE-SU-2015:0889-2) (Venom)NessusSuSE Local Security Checks
high
83844RHEL 6 : qemu-kvm (RHSA-2015:1031) (Venom)NessusRed Hat Local Security Checks
high
83834Fedora 21 : xen-4.4.2-4.fc21 (2015-8270) (Venom)NessusFedora Local Security Checks
high
83832Fedora 20 : xen-4.3.4-4.fc20 (2015-8252) (Venom)NessusFedora Local Security Checks
high
83829Fedora 22 : qemu-2.3.0-4.fc22 (2015-8220) (Venom)NessusFedora Local Security Checks
high
83828Fedora 22 : xen-4.5.0-9.fc22 (2015-8194) (Venom)NessusFedora Local Security Checks
high
83791Fedora 20 : qemu-1.6.2-14.fc20 (2015-8248) (Venom)NessusFedora Local Security Checks
high
83763Citrix XenServer QEMU FDC Buffer Overflow RCE (CTX201078) (VENOM)NessusMisc.
high
83757SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2015:0923-1) (Venom)NessusSuSE Local Security Checks
high
83749F5 Networks BIG-IP : QEMU vulnerability (SOL16620) (Venom)NessusF5 Networks Local Security Checks
high
83729Oracle VM VirtualBox < 3.2.28 / 4.0.30 / 4.1.38 / 4.2.30 / 4.3.28 QEMU FDC Overflow RCE (VENOM)NessusWindows
high
83536RHEL 7 : rhev-hypervisor (RHSA-2015:1011) (Venom)NessusRed Hat Local Security Checks
high
83534openSUSE Security Update : qemu (openSUSE-2015-364) (Venom)NessusSuSE Local Security Checks
high
83533openSUSE Security Update : qemu (openSUSE-2015-363) (Venom)NessusSuSE Local Security Checks
high
83532Debian DSA-3262-1 : xen - security update (Venom)NessusDebian Local Security Checks
high
83515SuSE 11.3 Security Update : KVM (SAT Patch Number 10672)NessusSuSE Local Security Checks
high
83510FreeBSD : qemu, xen and VirtualBox OSE -- possible VM escape and code execution ('VENOM') (2780e442-fc59-11e4-b18b-6805ca1d3bb1) (Venom)NessusFreeBSD Local Security Checks
high
83506Fedora 21 : qemu-2.1.3-7.fc21 (2015-8249) (Venom)NessusFedora Local Security Checks
high
83484OracleVM 2.2 : xen (OVMSA-2015-0059) (Venom)NessusOracleVM Local Security Checks
high
83483OracleVM 3.2 : xen (OVMSA-2015-0058) (Venom)NessusOracleVM Local Security Checks
high
83482OracleVM 3.3 : xen (OVMSA-2015-0057) (Venom)NessusOracleVM Local Security Checks
high
83460Scientific Linux Security Update : xen on SL5.x i386/x86_64 (20150513) (Venom)NessusScientific Linux Local Security Checks
high
83459Scientific Linux Security Update : qemu-kvm on SL7.x x86_64 (20150513) (Venom)NessusScientific Linux Local Security Checks
high
83458Scientific Linux Security Update : qemu-kvm on SL6.x i386/x86_64 (20150513) (Venom)NessusScientific Linux Local Security Checks
high
83457Scientific Linux Security Update : kvm on SL5.x x86_64 (20150513) (Venom)NessusScientific Linux Local Security Checks
high
83447Oracle Linux 5 : kvm (ELSA-2015-1003) (Venom)NessusOracle Linux Local Security Checks
high
83446Oracle Linux 5 : xen (ELSA-2015-1002) (Venom)NessusOracle Linux Local Security Checks
high
83445Oracle Linux 7 : qemu-kvm (ELSA-2015-0999) (Venom)NessusOracle Linux Local Security Checks
high
83444Oracle Linux 6 : qemu-kvm (ELSA-2015-0998) (Venom)NessusOracle Linux Local Security Checks
high
83435Ubuntu 12.04 LTS / 14.04 LTS / 14.10 / 15.04 : qemu, qemu-kvm vulnerabilities (USN-2608-1) (Venom)NessusUbuntu Local Security Checks
high
83430RHEL 5 : kvm (RHSA-2015:1003) (Venom)NessusRed Hat Local Security Checks
high
83429RHEL 5 : xen (RHSA-2015:1002) (Venom)NessusRed Hat Local Security Checks
high
83428RHEL 6 : qemu-kvm-rhev (RHSA-2015:1001) (Venom)NessusRed Hat Local Security Checks
high
83427RHEL 7 : qemu-kvm-rhev (RHSA-2015:1000) (Venom)NessusRed Hat Local Security Checks
high
83426RHEL 7 : qemu-kvm (RHSA-2015:0999) (Venom)NessusRed Hat Local Security Checks
high
83425RHEL 6 : qemu-kvm (RHSA-2015:0998) (Venom)NessusRed Hat Local Security Checks
high
83422Debian DSA-3259-1 : qemu - security update (Venom)NessusDebian Local Security Checks
high
83421CentOS 5 : kvm (CESA-2015:1003) (Venom)NessusCentOS Local Security Checks
high
83420CentOS 5 : xen (CESA-2015:1002) (Venom)NessusCentOS Local Security Checks
high
83419CentOS 7 : qemu-kvm (CESA-2015:0999) (Venom)NessusCentOS Local Security Checks
high
83418CentOS 6 : qemu-kvm (CESA-2015:0998) (Venom)NessusCentOS Local Security Checks
high
801943kvm < 83-272 el5+ Venom VulnerabilityLog Correlation EngineGeneric
high
801942qemu-kvm-rhev < 2.1.2-23 el7 Venom VulnerabilityLog Correlation EngineGeneric
high
801940qemu-kvm < 0.12.1.2-2.448 el6 Venom VulnerabilityLog Correlation EngineGeneric
high
801939xen < 3.0.3-146 Venom VulnerabilityLog Correlation EngineGeneric
high