Launchpad CVE tracker

CVE 2015-3456

The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM.

Related bugs and status

CVE-2015-3456 (Candidate) is related to these bugs:

Bug #1454677: Qemu version pin vulnerable to VENOM

		In	Importance	Status
1454677	Qemu version pin vulnerable to VENOM	OpenStack-Ansible	Critical	Invalid
1454677	Qemu version pin vulnerable to VENOM	OpenStack-Ansible icehouse	Critical	Won't Fix
1454677	Qemu version pin vulnerable to VENOM	OpenStack-Ansible juno	Critical	Won't Fix

Bug #1456553: CVE-2015-3456

Summary				In	Importance	Status
	1456553	CVE-2015-3456		virtualbox (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://venom.crowdstri...
CONFIRM: http://git.qemu.org/?p...
CONFIRM: http://xenbits.xen.org...
CONFIRM: https://access.redhat....
CONFIRM: https://securityblog.r...
REDHAT: RHSA-2015:0998
REDHAT: RHSA-2015:0999
REDHAT: RHSA-2015:1000
REDHAT: RHSA-2015:1001
REDHAT: RHSA-2015:1002
REDHAT: RHSA-2015:1003
REDHAT: RHSA-2015:1004
CONFIRM: https://www.suse.com/s...
DEBIAN: DSA-3274
FEDORA: FEDORA-2015-8249
SUSE: SUSE-SU-2015:0927
SUSE: SUSE-SU-2015:0929
BID: 74640
CONFIRM: http://www.oracle.com/...
DEBIAN: DSA-3259
SUSE: SUSE-SU-2015:0896
UBUNTU: USN-2608-1
CONFIRM: https://support.lenovo...
CONFIRM: http://www1.huawei.com...
CONFIRM: http://support.citrix....
CONFIRM: https://bto.bluecoat.c...
CONFIRM: http://www.fortiguard....
SUSE: openSUSE-SU-2015:1400
EXPLOIT-DB: 37053
SUSE: openSUSE-SU-2015:0983
DEBIAN: DSA-3262
REDHAT: RHSA-2015:1011
SUSE: SUSE-SU-2015:0889
SUSE: openSUSE-SU-2015:0893
SUSE: openSUSE-SU-2015:0894
SUSE: SUSE-SU-2015:0923
SECTRACK: 1032306
SECTRACK: 1032311
CONFIRM: https://kb.juniper.net...
CONFIRM: https://kc.mcafee.com/...
CONFIRM: http://kb.juniper.net/...
HP: HPSBMU03336
HP: SSRT102076
HP: HPSBMU03349
GENTOO: GLSA-201602-01
GENTOO: GLSA-201604-03
GENTOO: GLSA-201612-27
SECTRACK: 1032917
MISC: https://www.arista.com...

Launchpad.net

CVE 2015-3456

Related bugs and status

Related bugs

References