CVE-2015-3456

NameCVE-2015-3456
DescriptionThe Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDLA-248-1, DLA-249-1, DLA-268-1, DSA-3259-1, DSA-3262-1, DSA-3274-1
NVD severityhigh (attack range: remote)
Debian Bugs785424

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
qemu (PTS)wheezy1.1.2+dfsg-6a+deb7u12fixed
wheezy (security)1.1.2+dfsg-6+deb7u20fixed
jessie (security), jessie1:2.1+dfsg-12+deb8u6fixed
buster, sid, stretch1:2.8+dfsg-6fixed
qemu-kvm (PTS)wheezy1.1.2+dfsg-6+deb7u12fixed
wheezy (security)1.1.2+dfsg-6+deb7u22fixed
virtualbox (PTS)jessie/contrib (security), jessie/contrib4.3.36-dfsg-1+deb8u1fixed
sid/contrib5.1.22-dfsg-1fixed
wheezy, wheezy (security)4.1.42-dfsg-1+deb7u1fixed
xen (PTS)wheezy4.1.4-3+deb7u9fixed
wheezy (security)4.1.6.lts1-8fixed
jessie4.4.1-9+deb8u8fixed
jessie (security)4.4.1-9+deb8u9fixed
buster, sid, stretch4.8.1-1+deb9u1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
qemusource(unstable)1:2.3+dfsg-3high
qemusourcejessie1:2.1+dfsg-12highDSA-3259-1
qemusourcesqueeze0.12.5+dfsg-3squeeze5highDLA-248-1
qemusourcewheezy1.1.2+dfsg-6a+deb7u7high
qemu-kvmsource(unstable)(unfixed)high
qemu-kvmsourcesqueeze0.12.5+dfsg-5+squeeze12highDLA-249-1
qemu-kvmsourcewheezy1.1.2+dfsg-6+deb7u7high
virtualboxsource(unstable)4.3.28-dfsg-1high785424
virtualboxsourcejessie4.3.18-dfsg-3+deb8u2highDSA-3274-1
virtualboxsourcewheezy4.1.18-dfsg-2+deb7u5highDSA-3274-1
virtualbox-osesource(unstable)(unfixed)high
virtualbox-osesourcesqueeze3.2.10-dfsg-1+squeeze4highDLA-268-1
xensource(unstable)4.4.0-1high
xensourcesqueeze(unfixed)end-of-life
xensourcewheezy4.1.4-3+deb7u6highDSA-3262-1
xen-qemu-dm-4.0source(unstable)(unfixed)high
xen-qemu-dm-4.0sourcesqueeze(unfixed)end-of-life

Notes

qemu 1:2.3+dfsg-3 is  pending in the NEW queue
[squeeze] - xen <end-of-life> (Not supported in Squeeze LTS)
Xen switched to qemu-system in 4.4.0-1
http://xenbits.xen.org/xsa/advisory-133.html
[squeeze] - xen-qemu-dm-4.0 <end-of-life> (Not supported in Squeeze LTS)
http://www.oracle.com/technetwork/topics/security/alert-cve-2015-3456-2542656.html
http://venom.crowdstrike.com/

Search for package or bug name: Reporting problems