CVE-2015-3456

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM.

References

http://git.qemu.org/?p=qemu.git;a=commitdiff;h=e907746266721f305d67bc0718795fedee2e824c

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10693

http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158072.html

http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00009.html

http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00013.html

http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00014.html

http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00018.html

http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00019.html

http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00021.html

http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00042.html

http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00001.html

http://lists.opensuse.org/opensuse-updates/2015-08/msg00021.html

http://marc.info/?l=bugtraq&m=143229451215900&w=2

http://marc.info/?l=bugtraq&m=143387998230996&w=2

http://rhn.redhat.com/errata/RHSA-2015-0998.html

http://rhn.redhat.com/errata/RHSA-2015-0999.html

http://rhn.redhat.com/errata/RHSA-2015-1000.html

http://rhn.redhat.com/errata/RHSA-2015-1001.html

http://rhn.redhat.com/errata/RHSA-2015-1002.html

http://rhn.redhat.com/errata/RHSA-2015-1003.html

http://rhn.redhat.com/errata/RHSA-2015-1004.html

http://rhn.redhat.com/errata/RHSA-2015-1011.html

http://support.citrix.com/article/CTX201078

http://venom.crowdstrike.com/

http://www.debian.org/security/2015/dsa-3259

http://www.debian.org/security/2015/dsa-3262

http://www.debian.org/security/2015/dsa-3274

http://www.fortiguard.com/advisory/2015-05-19-cve-2015-3456-venom-vulnerability

http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

http://www.securityfocus.com/bid/74640

http://www.securitytracker.com/id/1032306

http://www.securitytracker.com/id/1032311

http://www.securitytracker.com/id/1032917

http://www.ubuntu.com/usn/USN-2608-1

http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-438937.htm

http://xenbits.xen.org/xsa/advisory-133.html

https://access.redhat.com/articles/1444903

https://bto.bluecoat.com/security-advisory/sa95

https://kb.juniper.net/JSA10783

https://kc.mcafee.com/corporate/index?page=content&id=SB10118

https://security.gentoo.org/glsa/201602-01

https://security.gentoo.org/glsa/201604-03

https://security.gentoo.org/glsa/201612-27

https://securityblog.redhat.com/2015/05/13/venom-dont-get-bitten/

https://support.lenovo.com/us/en/product_security/venom

https://www.exploit-db.com/exploits/37053/

https://www.suse.com/security/cve/CVE-2015-3456.html

Details

Source: MITRE

Published: 2015-05-13

Updated: 2019-04-22

Type: CWE-119

Risk Information

CVSS v2

Base Score: 7.7

Vector: AV:A/AC:L/Au:S/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 5.1

Severity: HIGH

Tenable Plugins

View all (62 total)

IDNameProductFamilySeverity
104999Check Point Gaia Operating System VM escape and code execution (sk106060)(VENOM)NessusFirewalls
high
95695GLSA-201612-27 : VirtualBox: Multiple vulnerabilities (Venom)NessusGentoo Local Security Checks
medium
90380GLSA-201604-03 : Xen: Multiple vulnerabilities (Venom)NessusGentoo Local Security Checks
critical
88587GLSA-201602-01 : QEMU: Multiple vulnerabilities (Venom)NessusGentoo Local Security Checks
critical
85525openSUSE Security Update : virtualbox (openSUSE-2015-550) (Venom)NessusSuSE Local Security Checks
high
84551Debian DLA-268-1 : virtualbox-ose security update (Venom)NessusDebian Local Security Checks
high
84333openSUSE Security Update : xen (openSUSE-2015-434) (Venom)NessusSuSE Local Security Checks
high
84295Debian DLA-249-1 : qemu-kvm security update (Venom)NessusDebian Local Security Checks
high
84294Debian DLA-248-1 : qemu security update (Venom)NessusDebian Local Security Checks
high
84140OracleVM 3.2 : xen (OVMSA-2015-0068) (POODLE) (Venom)NessusOracleVM Local Security Checks
low
83965openSUSE Security Update : xen (openSUSE-2015-391) (Venom)NessusSuSE Local Security Checks
high
83889Debian DSA-3274-1 : virtualbox - security update (Venom)NessusDebian Local Security Checks
high
83859SUSE SLES11 Security Update : Xen (SUSE-SU-2015:0944-1) (Venom)NessusSuSE Local Security Checks
high
83858SUSE SLES11 Security Update : KVM (SUSE-SU-2015:0943-1) (Venom)NessusSuSE Local Security Checks
high
83856SUSE SLES11 Security Update : Xen (SUSE-SU-2015:0940-1) (Venom)NessusSuSE Local Security Checks
high
83854SUSE SLES11 Security Update : KVM (SUSE-SU-2015:0929-1) (Venom)NessusSuSE Local Security Checks
high
83853SUSE SLED11 / SLES11 Security Update : Xen (SUSE-SU-2015:0927-1) (Venom)NessusSuSE Local Security Checks
high
83852SUSE SLES10 Security Update : Xen (SUSE-SU-2015:0889-2) (Venom)NessusSuSE Local Security Checks
high
83844RHEL 6 : qemu-kvm (RHSA-2015:1031) (Venom)NessusRed Hat Local Security Checks
high
83834Fedora 21 : xen-4.4.2-4.fc21 (2015-8270) (Venom)NessusFedora Local Security Checks
high
83832Fedora 20 : xen-4.3.4-4.fc20 (2015-8252) (Venom)NessusFedora Local Security Checks
high
83829Fedora 22 : qemu-2.3.0-4.fc22 (2015-8220) (Venom)NessusFedora Local Security Checks
high
83828Fedora 22 : xen-4.5.0-9.fc22 (2015-8194) (Venom)NessusFedora Local Security Checks
high
83791Fedora 20 : qemu-1.6.2-14.fc20 (2015-8248) (Venom)NessusFedora Local Security Checks
high
83763Citrix XenServer QEMU FDC Buffer Overflow RCE (CTX201078) (VENOM)NessusMisc.
critical
83757SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2015:0923-1) (Venom)NessusSuSE Local Security Checks
high
83749F5 Networks BIG-IP : QEMU vulnerability (SOL16620) (Venom)NessusF5 Networks Local Security Checks
high
83729Oracle VM VirtualBox < 3.2.28 / 4.0.30 / 4.1.38 / 4.2.30 / 4.3.28 QEMU FDC Overflow RCE (VENOM)NessusWindows
high
83536RHEL 7 : rhev-hypervisor (RHSA-2015:1011) (Venom)NessusRed Hat Local Security Checks
high
83534openSUSE Security Update : qemu (openSUSE-2015-364) (Venom)NessusSuSE Local Security Checks
high
83533openSUSE Security Update : qemu (openSUSE-2015-363) (Venom)NessusSuSE Local Security Checks
high
83532Debian DSA-3262-1 : xen - security update (Venom)NessusDebian Local Security Checks
high
83515SuSE 11.3 Security Update : KVM (SAT Patch Number 10672)NessusSuSE Local Security Checks
high
83510FreeBSD : qemu, xen and VirtualBox OSE -- possible VM escape and code execution ('VENOM') (2780e442-fc59-11e4-b18b-6805ca1d3bb1) (Venom)NessusFreeBSD Local Security Checks
high
83506Fedora 21 : qemu-2.1.3-7.fc21 (2015-8249) (Venom)NessusFedora Local Security Checks
high
83484OracleVM 2.2 : xen (OVMSA-2015-0059) (Venom)NessusOracleVM Local Security Checks
high
83483OracleVM 3.2 : xen (OVMSA-2015-0058) (Venom)NessusOracleVM Local Security Checks
high
83482OracleVM 3.3 : xen (OVMSA-2015-0057) (Venom)NessusOracleVM Local Security Checks
high
83460Scientific Linux Security Update : xen on SL5.x i386/x86_64 (20150513) (Venom)NessusScientific Linux Local Security Checks
high
83459Scientific Linux Security Update : qemu-kvm on SL7.x x86_64 (20150513) (Venom)NessusScientific Linux Local Security Checks
high
83458Scientific Linux Security Update : qemu-kvm on SL6.x i386/x86_64 (20150513) (Venom)NessusScientific Linux Local Security Checks
high
83457Scientific Linux Security Update : kvm on SL5.x x86_64 (20150513) (Venom)NessusScientific Linux Local Security Checks
high
83447Oracle Linux 5 : kvm (ELSA-2015-1003) (Venom)NessusOracle Linux Local Security Checks
high
83446Oracle Linux 5 : xen (ELSA-2015-1002) (Venom)NessusOracle Linux Local Security Checks
high
83445Oracle Linux 7 : qemu-kvm (ELSA-2015-0999) (Venom)NessusOracle Linux Local Security Checks
high
83444Oracle Linux 6 : qemu-kvm (ELSA-2015-0998) (Venom)NessusOracle Linux Local Security Checks
high
83435Ubuntu 12.04 LTS / 14.04 LTS / 14.10 / 15.04 : qemu, qemu-kvm vulnerabilities (USN-2608-1) (Venom)NessusUbuntu Local Security Checks
high
83430RHEL 5 : kvm (RHSA-2015:1003) (Venom)NessusRed Hat Local Security Checks
high
83429RHEL 5 : xen (RHSA-2015:1002) (Venom)NessusRed Hat Local Security Checks
high
83428RHEL 6 : qemu-kvm-rhev (RHSA-2015:1001) (Venom)NessusRed Hat Local Security Checks
high
83427RHEL 7 : qemu-kvm-rhev (RHSA-2015:1000) (Venom)NessusRed Hat Local Security Checks
high
83426RHEL 7 : qemu-kvm (RHSA-2015:0999) (Venom)NessusRed Hat Local Security Checks
high
83425RHEL 6 : qemu-kvm (RHSA-2015:0998) (Venom)NessusRed Hat Local Security Checks
high
83422Debian DSA-3259-1 : qemu - security update (Venom)NessusDebian Local Security Checks
high
83421CentOS 5 : kvm (CESA-2015:1003) (Venom)NessusCentOS Local Security Checks
high
83420CentOS 5 : xen (CESA-2015:1002) (Venom)NessusCentOS Local Security Checks
high
83419CentOS 7 : qemu-kvm (CESA-2015:0999) (Venom)NessusCentOS Local Security Checks
high
83418CentOS 6 : qemu-kvm (CESA-2015:0998) (Venom)NessusCentOS Local Security Checks
high
801943kvm < 83-272 el5+ Venom VulnerabilityLog Correlation EngineGeneric
high
801942qemu-kvm-rhev < 2.1.2-23 el7 Venom VulnerabilityLog Correlation EngineGeneric
high
801940qemu-kvm < 0.12.1.2-2.448 el6 Venom VulnerabilityLog Correlation EngineGeneric
high
801939xen < 3.0.3-146 Venom VulnerabilityLog Correlation EngineGeneric
high