F5 Networks BIG-IP : QEMU vulnerability (SOL16620) (Venom)
High Nessus Plugin ID 83749
SynopsisThe remote device is missing a vendor-supplied security patch.
DescriptionAn out-of-bounds memory access flaw, also known as 'VENOM,' was found in the way QEMU's virtual Floppy Disk Controller (FDC) handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest.
SolutionUpgrade to one of the non-vulnerable versions listed in the F5 Solution SOL16620.