CVE-2015-3456
Published May 13, 2015
Last updated a year ago
Overview
- Description
- The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 7.7
- Impact score
- 10
- Exploitability score
- 5.1
- Vector string
- AV:A/AC:L/Au:S/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- CWE-119
Evaluator
- Comment
- Though the VENOM vulnerability is also agnostic of the guest operating system, an attacker (or an attacker’s malware) would need to have administrative or root privileges in the guest operating system in order to exploit VENOM
- Impact
- -
- Solution
- -
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "ABF17A18-4BE8-41B7-B50C-F4A137B3B2F1",
"versionEndIncluding": "2.3.0"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:enterprise_virtualization:3.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "105130E9-D48E-4FB8-A715-E6438EC7E744"
},
{
"criteria": "cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1802FDB8-C919-4D5E-A8AD-4C5B72525090"
},
{
"criteria": "cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B152EDF3-3140-4343-802F-F4F1C329F5C3"
},
{
"criteria": "cpe:2.3:a:redhat:openstack:6.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "31EC146C-A6F6-4C0D-AF87-685286262DAA"
},
{
"criteria": "cpe:2.3:a:redhat:openstack:7.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9DAA72A4-AC7D-4544-89D4-5B07961D5A95"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AA9B3CC0-DF1C-4A86-B2A3-A9D428A5A6E6"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A"
},
{
"criteria": "cpe:2.3:o:xen:xen:4.5.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "90CCECD0-C0F9-45A8-8699-64428637EBCA"
}
],
"operator": "OR"
}
]
}
]