CVE-2015-3456

critical

Description

The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM.

References

https://www.suse.com/security/cve/CVE-2015-3456.html

https://www.exploit-db.com/exploits/37053/

https://www.arista.com/en/support/advisories-notices/security-advisories/1128-security-advisory-10

https://support.lenovo.com/us/en/product_security/venom

https://securityblog.redhat.com/2015/05/13/venom-dont-get-bitten/

https://security.gentoo.org/glsa/201612-27

https://security.gentoo.org/glsa/201604-03

https://security.gentoo.org/glsa/201602-01

https://kc.mcafee.com/corporate/index?page=content&id=SB10118

https://kb.juniper.net/JSA10783

https://bto.bluecoat.com/security-advisory/sa95

https://access.redhat.com/articles/1444903

http://xenbits.xen.org/xsa/advisory-133.html

http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-438937.htm

http://www.ubuntu.com/usn/USN-2608-1

http://www.securitytracker.com/id/1032917

http://www.securitytracker.com/id/1032311

http://www.securitytracker.com/id/1032306

http://www.securityfocus.com/bid/74640

http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

http://www.fortiguard.com/advisory/2015-05-19-cve-2015-3456-venom-vulnerability

http://www.debian.org/security/2015/dsa-3274

http://www.debian.org/security/2015/dsa-3262

http://www.debian.org/security/2015/dsa-3259

http://venom.crowdstrike.com/

http://support.citrix.com/article/CTX201078

http://rhn.redhat.com/errata/RHSA-2015-1011.html

http://rhn.redhat.com/errata/RHSA-2015-1004.html

http://rhn.redhat.com/errata/RHSA-2015-1003.html

http://rhn.redhat.com/errata/RHSA-2015-1002.html

http://rhn.redhat.com/errata/RHSA-2015-1001.html

http://rhn.redhat.com/errata/RHSA-2015-1000.html

http://rhn.redhat.com/errata/RHSA-2015-0999.html

http://rhn.redhat.com/errata/RHSA-2015-0998.html

http://marc.info/?l=bugtraq&m=143387998230996&w=2

http://marc.info/?l=bugtraq&m=143229451215900&w=2

http://lists.opensuse.org/opensuse-updates/2015-08/msg00021.html

http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00001.html

http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00042.html

http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00021.html

http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00019.html

http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00018.html

http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00014.html

http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00013.html

http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00009.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158072.html

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10693

http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=e907746266721f305d67bc0718795fedee2e824c

Details

Source: Mitre, NVD

Published: 2015-05-13

Updated: 2025-04-12

Risk Information

CVSS v2

Base Score: 7.7

Vector: CVSS2#AV:A/AC:L/Au:S/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 10

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.28587

	
		OSZAR »