ID CVE-2015-3456
Summary The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM.
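The flaw behind the summary is an unbounded index into the emulated controller's data FIFO: each byte the guest pushes through the FDC data port advances the FIFO position, and for the commands named above the controller never pulled that position back inside the buffer, so further bytes landed on whatever host memory followed the FIFO in the QEMU process. The following C model, added here as an illustration and not taken from QEMU's hw/block/fdc.c, puts the pre-fix handler beside one hardened the way the vendor advisories quoted below describe the fix ("making sure that the index is always bounded by the allocated memory"; upstream does this by reducing the index modulo the FIFO length). Everything in it is assumed for the demonstration: `FIFO_LEN` stands in for QEMU's 512-byte sector-sized FIFO, `NEIGHBOUR_LEN` stands in for the host memory that happened to follow the buffer, and the `fdc_*` function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed size of the emulated FDC data FIFO (QEMU sizes it to one 512-byte sector). */
#define FIFO_LEN 512
/* Stand-in for whatever the host allocator placed after the FIFO.  Keeping it inside
 * the same array lets the vulnerable path stay defined behaviour in this model while
 * still showing exactly which bytes an overrun reaches. */
#define NEIGHBOUR_LEN 64

typedef struct {
    uint8_t  mem[FIFO_LEN + NEIGHBOUR_LEN]; /* [0, FIFO_LEN) is the FIFO, the rest is neighbour memory */
    uint32_t data_pos;                      /* index of the next FIFO byte; advances once per guest write */
} fdc_model_t;

static void fdc_reset(fdc_model_t *f)
{
    memset(f, 0, sizeof *f);
}

/* Pre-fix pattern: the index is simply how many bytes the guest has pushed through
 * the data port.  For commands that never reset it, it walks past FIFO_LEN and the
 * guest-chosen byte is written to neighbouring host memory. */
static int fdc_write_data_vulnerable(fdc_model_t *f, uint8_t value)
{
    uint32_t pos = f->data_pos++;
    if (pos >= sizeof f->mem)   /* model-only guard so the demo cannot leave its own array;
                                 * the real device had no check at this point */
        return -1;
    f->mem[pos] = value;
    return 0;
}

/* Post-fix pattern: force the index into the allocated buffer before using it.
 * Extra bytes now wrap within the FIFO instead of leaving it. */
static int fdc_write_data_fixed(fdc_model_t *f, uint8_t value)
{
    uint32_t pos = f->data_pos++;
    pos %= FIFO_LEN;
    f->mem[pos] = value;
    return 0;
}

/* Number of neighbour bytes that are no longer zero, i.e. that an overrun reached. */
static size_t fdc_neighbour_bytes_clobbered(const fdc_model_t *f)
{
    size_t n = 0;
    for (size_t i = FIFO_LEN; i < sizeof f->mem; i++)
        n += f->mem[i] != 0;
    return n;
}

/* Drive n_bytes of guest-chosen data (constructed: all 0x41) through one handler
 * and report how many of them landed outside the FIFO. */
static size_t fdc_simulate_guest_writes(size_t n_bytes, int use_fix)
{
    fdc_model_t f;
    fdc_reset(&f);
    for (size_t i = 0; i < n_bytes; i++) {
        if (use_fix)
            fdc_write_data_fixed(&f, 0x41);
        else
            fdc_write_data_vulnerable(&f, 0x41);
    }
    return fdc_neighbour_bytes_clobbered(&f);
}

int main(void)
{
    size_t extra = 24; /* guest keeps writing 24 bytes after the FIFO is full */
    printf("vulnerable handler: %zu bytes past the FIFO overwritten\n",
           fdc_simulate_guest_writes(FIFO_LEN + extra, 0));
    printf("fixed handler:      %zu bytes past the FIFO overwritten\n",
           fdc_simulate_guest_writes(FIFO_LEN + extra, 1));
    return 0;
}
```

Two points the model makes visible: the guest controls both the index (by how many bytes it writes) and the value written, which is why the advisories rate this as potential code execution in the host's QEMU process rather than only a guest crash; and the fix is applied where the index is consumed, not where the command is parsed, so it also covers the "other unspecified commands" in the summary.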
References
Vulnerable Configurations
  • QEMU 2.3.0
    cpe:2.3:a:qemu:qemu:2.3.0
  • Xen Xen 4.5.0
    cpe:2.3:a:xen:xen:4.5.0
  • Red Hat Enterprise Linux 5
    cpe:2.3:o:redhat:enterprise_linux:5
  • Red Hat Enterprise Linux 6
    cpe:2.3:o:redhat:enterprise_linux:6
  • Red Hat Enterprise Linux (RHEL) 7.0 (7)
    cpe:2.3:o:redhat:enterprise_linux:7.0
  • Red Hat Enterprise Virtualization (RHEV) 3.0
    cpe:2.3:a:redhat:enterprise_virtualization:3.0
  • Red Hat OpenStack 4.0
    cpe:2.3:a:redhat:openstack:4.0
  • Red Hat OpenStack 5.0
    cpe:2.3:a:redhat:openstack:5.0
  • Red Hat OpenStack 6.0
    cpe:2.3:a:redhat:openstack:6.0
  • Red Hat OpenStack 7.0
    cpe:2.3:a:redhat:openstack:7.0
CVSS
Base: 7.7 (as of 03-01-2017 - 13:00)
Impact: 10.0
Exploitability: 5.1
CWE CWE-119
CAPEC
  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
  • Overflow Binary Resource File
    An attack of this type exploits a buffer overflow vulnerability in the handling of binary resources. Binary resources may include music files like MP3, image files like JPEG files, and any other binary file. These attacks may pass unnoticed to the client machine through normal usage of files, such as a browser loading a seemingly innocent JPEG file. This can allow the attacker access to the execution stack and execute arbitrary code in the target process. This attack pattern is a variant of standard buffer overflow attacks using an unexpected vector (binary files) to wrap its attack and open up a new attack vector. The attacker is required to either directly serve the binary content to the victim, or place it in a locale like a MP3 sharing application, for the victim to download. The attacker then is notified upon the download or otherwise locates the vulnerability opened up by the buffer overflow.
  • Buffer Overflow via Symbolic Links
    This type of attack leverages the use of symbolic links to cause buffer overflows. An attacker can try to create or manipulate a symbolic link file such that its contents result in out of bounds data. When the target software processes the symbolic link file, it could potentially overflow internal buffers with insufficient bounds checking.
  • Overflow Variables and Tags
    This type of attack leverages the use of tags or variables from a formatted configuration data to cause buffer overflow. The attacker crafts a malicious HTML page or configuration file that includes oversized strings, thus causing an overflow.
  • Buffer Overflow via Parameter Expansion
    In this attack, the target software is given input that the attacker knows will be modified and expanded in size during processing. This attack relies on the target software failing to anticipate that the expanded data may exceed some internal limit, thereby creating a buffer overflow.
  • Buffer Overflow in an API Call
    This attack targets libraries or shared code modules which are vulnerable to buffer overflow attacks. An attacker who has access to an API may try to embed malicious code in the API function call and exploit a buffer overflow vulnerability in the function's implementation. All clients that make use of the code library thus become vulnerable by association. This has a very broad effect on security across a system, usually affecting more than one software process.
  • Buffer Overflow in Local Command-Line Utilities
    This attack targets command-line utilities available in a number of shells. An attacker can leverage a vulnerability found in a command-line utility to escalate privilege to root.
Access
Vector            Complexity  Authentication
ADJACENT_NETWORK  LOW         SINGLE_INSTANCE
Impact
Confidentiality  Integrity  Availability
COMPLETE         COMPLETE   COMPLETE
exploit-db via4
description VENOM, Xen 4.5.x, QEMU. CVE-2015-3456. DoS exploit for multiple platforms
file exploits/multiple/dos/37053.c
id EDB-ID:37053
last seen 2016-02-04
modified 2015-05-18
platform multiple
port
published 2015-05-18
reporter Marcus Meissner
source https://www.exploit-db.com/download/37053/
title QEMU - Floppy Disk Controller FDC PoC
type dos
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2015-0943-1.NASL
    description KVM was updated to fix the following issues : CVE-2015-3456: A buffer overflow in the floppy drive emulation, which could be used to carry out denial of service attacks or potential code execution against the host. This vulnerability is also known as VENOM. Validate VMDK4 version field so we don't process versions we know nothing about. (bsc#834196) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2016-05-11
    plugin id 83858
    published 2015-05-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83858
    title SUSE SLES11 Security Update : KVM (SUSE-SU-2015:0943-1) (Venom)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2015-550.NASL
    description - Version bump to 4.2.32 bnc#938408 CVE-2015-2594 - Storage: fixed a crash when taking snapshots (4.2.30 regression) - ExtPack: don't fail if the TMP directory contains non-latin1 characters (bug #14159) - Main: implemented dedicated event processing queue - Linux hosts: fixed a bug which made the netfilter driver ignore certain events (bug #12264) Also included from Version bump to 4.2.30 bnc#935900 CVE-2015-3456 : - Various small fixes here and there - Fix the multiinstall on kernel modules to avoid conflicts bnc#925663 - Drop smap.diff fails to apply to the latest release
    last seen 2017-10-29
    modified 2015-10-22
    plugin id 85525
    published 2015-08-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85525
    title openSUSE Security Update : virtualbox (openSUSE-2015-550) (Venom)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2015-0998.NASL
    description From Red Hat Security Advisory 2015:0998 : Updated qemu-kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller (FDC) handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest. (CVE-2015-3456) Red Hat would like to thank Jason Geffner of CrowdStrike for reporting this issue. All qemu-kvm users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.
    last seen 2017-10-29
    modified 2015-12-05
    plugin id 83444
    published 2015-05-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83444
    title Oracle Linux 6 : qemu-kvm (ELSA-2015-0998) (Venom)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201612-27.NASL
    description The remote host is affected by the vulnerability described in GLSA-201612-27 (VirtualBox: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in VirtualBox. Please review the CVE identifiers referenced below for details. Impact : Local attackers could cause a Denial of Service condition, execute arbitrary code, or escalate their privileges. Workaround : There is no known workaround at this time.
    last seen 2017-10-29
    modified 2016-12-12
    plugin id 95695
    published 2016-12-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95695
    title GLSA-201612-27 : VirtualBox: Multiple vulnerabilities (Venom)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-249.NASL
    description A vulnerability was discovered in the qemu virtualisation solution : CVE-2015-3456 Jason Geffner discovered a buffer overflow in the emulated floppy disk drive, resulting in the potential execution of arbitrary code. Despite the end-of-life of qemu-kvm support in the old-oldstable distribution (squeeze-lts), this problem has been fixed in version 0.12.5+dfsg-5+squeeze11 of the qemu-kvm source package due to its severity (the so-called VENOM vulnerability). Further problems may still be present in the qemu-kvm package in the old-oldstable distribution (squeeze-lts) and users who need to rely on qemu-kvm are encouraged to upgrade to a newer version of Debian. We recommend that you upgrade your qemu-kvm packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2016-05-05
    plugin id 84295
    published 2015-06-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84295
    title Debian DLA-249-1 : qemu-kvm security update (Venom)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2015-8249.NASL
    description - CVE-2015-3456: (VENOM) fdc: out-of-bounds fifo buffer memory access (bz #1221152) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2015-10-23
    plugin id 83506
    published 2015-05-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83506
    title Fedora 21 : qemu-2.1.3-7.fc21 (2015-8249) (Venom)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-268.NASL
    description Three vulnerabilities have been fixed in the Debian squeeze-lts version of VirtualBox (package name: virtualbox-ose), an x86 virtualisation solution. CVE-2015-0377 Avoid VirtualBox allowing local users to affect availability via unknown vectors related to Core, which might result in denial of service. (Other issue than CVE-2015-0418). CVE-2015-0418 Avoid VirtualBox allowing local users to affect availability via unknown vectors related to Core, which might result in denial of service. (Other issue than CVE-2015-0377). CVE-2015-3456 The Floppy Disk Controller (FDC) in QEMU, also used in VirtualBox and other virtualization products, allowed local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2016-05-05
    plugin id 84551
    published 2015-07-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84551
    title Debian DLA-268-1 : virtualbox-ose security update (Venom)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3274.NASL
    description Jason Geffner discovered a buffer overflow in the emulated floppy disk drive, resulting in potential privilege escalation.
    last seen 2017-10-29
    modified 2016-05-05
    plugin id 83889
    published 2015-05-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83889
    title Debian DSA-3274-1 : virtualbox - security update (Venom)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201602-01.NASL
    description The remote host is affected by the vulnerability described in GLSA-201602-01 (QEMU: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in QEMU. Please review the CVE identifiers referenced below for details. Impact : A remote attacker might cause a Denial of Service or gain escalated privileges from a guest VM. Workaround : There is no known workaround at this time.
    last seen 2017-10-29
    modified 2016-11-11
    plugin id 88587
    published 2016-02-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88587
    title GLSA-201602-01 : QEMU: Multiple vulnerabilities (Venom)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201604-03.NASL
    description The remote host is affected by the vulnerability described in GLSA-201604-03 (Xen: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details. Impact : A local attacker could possibly cause a Denial of Service condition or obtain sensitive information. Workaround : There is no known workaround at this time.
    last seen 2017-10-29
    modified 2016-11-11
    plugin id 90380
    published 2016-04-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90380
    title GLSA-201604-03 : Xen: Multiple vulnerabilities (Venom)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2015-0889-2.NASL
    description Xen was updated to fix a buffer overflow in the floppy drive emulation, which could be used to carry out denial of service attacks or potential code execution against the host. This vulnerability is also known as VENOM. (CVE-2015-3456) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2016-05-11
    plugin id 83852
    published 2015-05-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83852
    title SUSE SLES10 Security Update : Xen (SUSE-SU-2015:0889-2) (Venom)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-0999.NASL
    description Updated qemu-kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller (FDC) handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest. (CVE-2015-3456) Red Hat would like to thank Jason Geffner of CrowdStrike for reporting this issue. All qemu-kvm users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.
    last seen 2017-10-29
    modified 2017-01-09
    plugin id 83426
    published 2015-05-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83426
    title RHEL 7 : qemu-kvm (RHSA-2015:0999) (Venom)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2015-0929-1.NASL
    description KVM was updated to fix the following security issues : CVE-2015-3456: Buffer overflow in the floppy drive emulation, which could be used to carry out denial of service attacks or potential code execution against the host. This vulnerability is also known as VENOM. CVE-2014-0222: Integer overflow in the qcow_open function in block/qcow.c in QEMU allowed remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image. CVE-2014-0223: Integer overflow in the qcow_open function in block/qcow.c in QEMU allowed local users to cause a denial of service (crash) and possibly execute arbitrary code via a large image size, which triggers a buffer overflow or out-of-bounds read. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2016-05-11
    plugin id 83854
    published 2015-05-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83854
    title SUSE SLES11 Security Update : KVM (SUSE-SU-2015:0929-1) (Venom)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2015-0999.NASL
    description From Red Hat Security Advisory 2015:0999 : Updated qemu-kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller (FDC) handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest. (CVE-2015-3456) Red Hat would like to thank Jason Geffner of CrowdStrike for reporting this issue. All qemu-kvm users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.
    last seen 2017-10-29
    modified 2015-12-05
    plugin id 83445
    published 2015-05-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83445
    title Oracle Linux 7 : qemu-kvm (ELSA-2015-0999) (Venom)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2015-0923-1.NASL
    description XEN was updated to fix two security issues and bugs. Security issues fixed : - CVE-2015-3340: Xen did not initialize certain fields, which allowed certain remote service domains to obtain sensitive information from memory via a (1) XEN_DOMCTL_gettscinfo or (2) XEN_SYSCTL_getdomaininfolist request. - CVE-2015-2751: Xen, when using toolstack disaggregation, allowed remote domains with partial management control to cause a denial of service (host lock) via unspecified domctl operations. - CVE-2015-2752: The XEN_DOMCTL_memory_mapping hypercall in Xen, when using a PCI passthrough device, was not preemptable, which allowed local x86 HVM domain users to cause a denial of service (host CPU consumption) via a crafted request to the device model (qemu-dm). - CVE-2015-3456: Fixed a buffer overflow in the floppy drive emulation, which could be used to carry out denial of service attacks or potential code execution against the host. Bugs fixed : - xentop: Fix memory leak on read failure Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2016-08-16
    plugin id 83757
    published 2015-05-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83757
    title SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2015:0923-1) (Venom)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2015-0057.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - fdc: force the fifo access to be in bounds of the allocated buffer During processing of certain commands such as FD_CMD_READ_ID and FD_CMD_DRIVE_SPECIFICATION_COMMAND the fifo memory access could get out of bounds leading to memory corruption with values coming from the guest. Fix this by making sure that the index is always bounded by the allocated memory. This is CVE-2015-3456. XSA-133 (CVE-2015-3456) - fdc: force the fifo access to be in bounds of the allocated buffer During processing of certain commands such as FD_CMD_READ_ID and FD_CMD_DRIVE_SPECIFICATION_COMMAND the fifo memory access could get out of bounds leading to memory corruption with values coming from the guest. Fix this by making sure that the index is always bounded by the allocated memory. This is CVE-2015-3456. XSA-133 (CVE-2015-3456) - domctl: don't allow a toolstack domain to call domain_pause on itself These DOMCTL subops were accidentally declared safe for disaggregation in the wake of XSA-77. This is XSA-127. (CVE-2015-2751) - xen: limit guest control of PCI command register Otherwise the guest can abuse that control to cause e.g. PCIe Unsupported Request responses (by disabling memory and/or I/O decoding and subsequently causing [CPU side] accesses to the respective address ranges), which (depending on system configuration) may be fatal to the host. This is CVE-2015-2756 / XSA-126. Conflicts: tools/qemu-xen-traditional-dir/hw/pass-through.c (CVE-2015-2756) - xen: limit guest control of PCI command register Otherwise the guest can abuse that control to cause e.g. PCIe Unsupported Request responses (by disabling memory and/or I/O decoding and subsequently causing [CPU side] accesses to the respective address ranges), which (depending on system configuration) may be fatal to the host. This is CVE-2015-2756 / XSA-126. (CVE-2015-2756) - Limit XEN_DOMCTL_memory_mapping hypercall to only process up to 64 GFNs (or less) Said hypercall for large BARs can take quite a while. As such we can require that the hypercall MUST break up the request in smaller values. Another approach is to add preemption to it - whether we do the preemption using hypercall_create_continuation or returning EAGAIN to userspace (and have it re-invocate the call) - either way the issue we cannot easily solve is that in 'map_mmio_regions' if we encounter an error we MUST call 'unmap_mmio_regions' for the whole BAR region. Since the preemption would re-use input fields such as nr_mfns, first_gfn, first_mfn - we would lose the original values - and only undo what was done in the current round (i.e. ignoring anything that was done prior to earlier preemptions). Unless we re-used the return value as 'EAGAIN|nr_mfns_done<<10' but that puts a limit (since the return value is a long) on the amount of nr_mfns that can provided. This patch sidesteps this problem by : - Setting an hard limit of nr_mfns having to be 64 or less. - Toolstack adjusts correspondingly to the nr_mfn limit. - If the there is an error when adding the toolstack will call the remove operation to remove the whole region. The need to break this hypercall down is for large BARs can take more than the guest (initial domain usually) time-slice. This has the negative result in that the guest is locked out for a long duration and is unable to act on any pending events. We also augment the code to return zero if nr_mfns instead of trying to the hypercall. Suggested-by: Jan Beulich This is CVE-2015-2752 / XSA-125. (CVE-2015-2752)
    last seen 2017-10-29
    modified 2017-02-17
    plugin id 83482
    published 2015-05-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83482
    title OracleVM 3.3 : xen (OVMSA-2015-0057) (Venom)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20150513_XEN_ON_SL5_X.NASL
    description An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller (FDC) handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest. (CVE-2015-3456) After installing the updated packages, all running fully-virtualized guests must be restarted for this update to take effect.
    last seen 2017-10-29
    modified 2015-10-23
    plugin id 83460
    published 2015-05-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83460
    title Scientific Linux Security Update : xen on SL5.x i386/x86_64 (Venom)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_KVM-150513.NASL
    description KVM was updated to fix a buffer overflow in the floppy drive emulation, which could be used to carry out denial of service attacks or potential code execution against the host. This vulnerability is also known as VENOM. (CVE-2015-3456)
    last seen 2017-10-29
    modified 2015-06-15
    plugin id 83515
    published 2015-05-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83515
    title SuSE 11.3 Security Update : KVM (SAT Patch Number 10672)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-1003.NASL
    description Updated kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller (FDC) handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest. (CVE-2015-3456) Red Hat would like to thank Jason Geffner of CrowdStrike for reporting this issue. All kvm users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. Note: The procedure in the Solution section must be performed before this update will take effect.
    last seen 2017-10-29
    modified 2017-01-09
    plugin id 83430
    published 2015-05-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83430
    title RHEL 5 : kvm (RHSA-2015:1003) (Venom)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2015-1003.NASL
    description From Red Hat Security Advisory 2015:1003 : Updated kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller (FDC) handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest. (CVE-2015-3456) Red Hat would like to thank Jason Geffner of CrowdStrike for reporting this issue. All kvm users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. Note: The procedure in the Solution section must be performed before this update will take effect.
    last seen 2017-10-29
    modified 2015-12-04
    plugin id 83447
    published 2015-05-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83447
    title Oracle Linux 5 : kvm (ELSA-2015-1003) (Venom)
  • NASL family Misc.
    NASL id CITRIX_XENSERVER_CTX201078.NASL
    description The remote host is running a version of Citrix XenServer that is affected by a flaw in the Floppy Disk Controller (FDC) in the bundled QEMU software due to an overflow condition in hw/block/fdc.c when handling certain commands. An attacker, with access to an account on the guest operating system with privilege to access the FDC, can exploit this flaw to execute arbitrary code in the context of the hypervisor process on the host system.
    last seen 2017-10-29
    modified 2017-02-08
    plugin id 83763
    published 2015-05-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83763
    title Citrix XenServer QEMU FDC Buffer Overflow RCE (CTX201078) (VENOM)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3259.NASL
    description Several vulnerabilities were discovered in the qemu virtualisation solution : - CVE-2014-9718 It was discovered that the IDE controller emulation is susceptible to denial of service. - CVE-2015-1779 Daniel P. Berrange discovered a denial of service vulnerability in the VNC web socket decoder. - CVE-2015-2756 Jan Beulich discovered that unmediated PCI command register could result in denial of service. - CVE-2015-3456 Jason Geffner discovered a buffer overflow in the emulated floppy disk drive, resulting in the potential execution of arbitrary code.
    last seen 2017-10-29
    modified 2016-12-07
    plugin id 83422
    published 2015-05-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83422
    title Debian DSA-3259-1 : qemu - security update (Venom)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2015-8248.NASL
    description - CVE-2015-3456: (VENOM) fdc: out-of-bounds fifo buffer memory access (bz #1221152) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2015-10-22
    plugin id 83791
    published 2015-05-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83791
    title Fedora 20 : qemu-1.6.2-14.fc20 (2015-8248) (Venom)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2015-8252.NASL
    description Privilege escalation via emulated floppy disk drive [XSA-133, CVE-2015-3456] (#1221153) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2015-10-22
    plugin id 83832
    published 2015-05-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83832
    title Fedora 20 : xen-4.3.4-4.fc20 (2015-8252) (Venom)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2015-0940-1.NASL
    description Xen was updated to fix two security issues : CVE-2015-3456: A buffer overflow in the floppy drive emulation, which could be used to carry out denial of service attacks or potential code execution against the host. This vulnerability is also known as VENOM. CVE-2015-3340: An information leak through XEN_DOMCTL_gettscinfo(). (XSA-132) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2016-05-11
    plugin id 83856
    published 2015-05-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83856
    title SUSE SLES11 Security Update : Xen (SUSE-SU-2015:0940-1) (Venom)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2015-0999.NASL
    description Updated qemu-kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller (FDC) handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest. (CVE-2015-3456) Red Hat would like to thank Jason Geffner of CrowdStrike for reporting this issue. All qemu-kvm users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.
    last seen 2017-10-29
    modified 2016-05-05
    plugin id 83419
    published 2015-05-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83419
    title CentOS 7 : qemu-kvm (CESA-2015:0999) (Venom)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-1011.NASL
    description Updated rhev-hypervisor packages that fix one security issue are now available. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The rhev-hypervisor packages provide a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller (FDC) handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest. (CVE-2015-3456) Red Hat would like to thank Jason Geffner of CrowdStrike for reporting this issue. Users of the Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to this updated package.
    last seen 2017-10-29
    modified 2017-01-09
    plugin id 83536
    published 2015-05-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83536
    title RHEL 7 : rhev-hypervisor (RHSA-2015:1011) (Venom)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2015-1002.NASL
    description Updated xen packages that fix one security issue are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux. An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller (FDC) handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest. (CVE-2015-3456) Red Hat would like to thank Jason Geffner of CrowdStrike for reporting this issue. All xen users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, all running fully-virtualized guests must be restarted for this update to take effect.
    last seen 2017-10-29
    modified 2015-10-23
    plugin id 83420
    published 2015-05-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83420
    title CentOS 5 : xen (CESA-2015:1002) (Venom)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-1000.NASL
    description Updated qemu-kvm-rhev packages that fix one security issue are now available for Red Hat Enterprise Virtualization Hypervisor 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM. An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller (FDC) handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest. (CVE-2015-3456) Red Hat would like to thank Jason Geffner of CrowdStrike for reporting this issue. All qemu-kvm-rhev users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.
    last seen 2017-10-29
    modified 2016-05-13
    plugin id 83427
    published 2015-05-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83427
    title RHEL 7 : qemu-kvm-rhev (RHSA-2015:1000)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2015-0068.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2015-0068 for details.
    last seen 2017-10-29
    modified 2017-02-14
    plugin id 84140
    published 2015-06-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84140
    title OracleVM 3.2 : xen (OVMSA-2015-0068) (POODLE) (Venom)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20150513_QEMU_KVM_ON_SL6_X.NASL
    description An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller (FDC) handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest. (CVE-2015-3456) After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.
    last seen 2017-10-29
    modified 2015-10-23
    plugin id 83458
    published 2015-05-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83458
    title Scientific Linux Security Update : qemu-kvm on SL6.x i386/x86_64 (Venom)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_2780E442FC5911E4B18B6805CA1D3BB1.NASL
    description Jason Geffner, CrowdStrike Senior Security Researcher reports : VENOM, CVE-2015-3456, is a security vulnerability in the virtual floppy drive code used by many computer virtualization platforms. This vulnerability may allow an attacker to escape from the confines of an affected virtual machine (VM) guest and potentially obtain code-execution access to the host. Absent mitigation, this VM escape could open access to the host system and all other VMs running on that host, potentially giving adversaries significant elevated access to the host's local network and adjacent systems.
    last seen 2017-10-29
    modified 2015-10-23
    plugin id 83510
    published 2015-05-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83510
    title FreeBSD : qemu, xen and VirtualBox OSE -- possible VM escape and code execution ('VENOM') (2780e442-fc59-11e4-b18b-6805ca1d3bb1) (Venom)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2015-434.NASL
    description Xen was updated to 4.4.2 to fix multiple vulnerabilities and non-security bugs. The following vulnerabilities were fixed : - CVE-2015-4103: Potential unintended writes to host MSI message data field via qemu (XSA-128) (boo#931625) - CVE-2015-4104: PCI MSI mask bits inadvertently exposed to guests (XSA-129) (boo#931626) - CVE-2015-4105: Guest triggerable qemu MSI-X pass-through error messages (XSA-130) (boo#931627) - CVE-2015-4106: Unmediated PCI register access in qemu (XSA-131) (boo#931628) - CVE-2015-4164: DoS through iret hypercall handler (XSA-136) (boo#932996) - CVE-2015-4163: GNTTABOP_swap_grant_ref operation misbehavior (XSA-134) (boo#932790) - CVE-2015-3209: heap overflow in qemu pcnet controller allowing guest to host escape (XSA-135) (boo#932770) - CVE-2015-3456: Fixed a buffer overflow in the floppy drive emulation, which could be used to denial of service attacks or potential code execution against the host. () - CVE-2015-3340: Xen did not initialize certain fields, which allowed certain remote service domains to obtain sensitive information from memory via a (1) XEN_DOMCTL_gettscinfo or (2) XEN_SYSCTL_getdomaininfolist request. () - CVE-2015-2752: Long latency MMIO mapping operations are not preemptible (XSA-125 boo#922705) - CVE-2015-2756: Unmediated PCI command register access in qemu (XSA-126 boo#922706) - CVE-2015-2751: Certain domctl operations may be abused to lock up the host (XSA-127 boo#922709) - CVE-2015-2151: Hypervisor memory corruption due to x86 emulator flaw (boo#919464 XSA-123) - CVE-2015-2045: Information leak through version information hypercall (boo#918998 XSA-122) - CVE-2015-2044: Information leak via internal x86 system device emulation (boo#918995 XSA-121) - CVE-2015-2152: HVM qemu unexpectedly enabling emulated VGA graphics backends (boo#919663 XSA-119) - CVE-2014-3615: information leakage when guest sets high resolution (boo#895528) The following non-security bugs were fixed : - xentop: Fix memory leak on read failure - boo#923758: xen dmesg contains bogus output in early boot - boo#921842: Xentop doesn't display disk statistics for VMs using qdisks - boo#919098: L3: XEN blktap device intermittently fails to connect - boo#882089: Windows 2012 R2 fails to boot up with greater than 60 vcpus - boo#903680: Problems with detecting free loop devices on Xen guest startup - boo#861318: xentop reports 'Found interface vif101.0 but domain 101 does not exist.' - boo#901488: Intel ixgbe driver assigns rx/tx queues per core resulting in irq problems on servers with a large amount of CPU cores - boo#910254: SLES11 SP3 Xen VT-d igb NIC doesn't work - boo#912011: high ping latency after upgrade to latest SLES11SP3 on xen Dom0 - boo#906689: let systemd schedule xencommons after network-online.target and remote-fs.target so that xendomains has access to remote shares The following functionality was enabled or enhanced : - Enable spice support in qemu for x86_64 - Add Qxl vga support - Enhancement to virsh/libvirtd 'send-key' command (FATE#317240) - Add domain_migrate_constraints_set API to Xend's http interface (FATE#317239)
    last seen 2017-10-29
    modified 2015-10-22
    plugin id 84333
    published 2015-06-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84333
    title openSUSE Security Update : xen (openSUSE-2015-434) (Venom)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-1031.NASL
    description Updated qemu-kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 6.5 Extended Update Support. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller (FDC) handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest. (CVE-2015-3456) Red Hat would like to thank Jason Geffner of CrowdStrike for reporting this issue. All qemu-kvm users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.
    last seen 2017-10-29
    modified 2017-01-06
    plugin id 83844
    published 2015-05-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83844
    title RHEL 6 : qemu-kvm (RHSA-2015:1031) (Venom)
  • NASL family F5 Networks Local Security Checks
    NASL id F5_BIGIP_SOL16620.NASL
    description An out-of-bounds memory access flaw, also known as 'VENOM,' was found in the way QEMU's virtual Floppy Disk Controller (FDC) handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest.
    last seen 2017-10-29
    modified 2016-11-01
    plugin id 83749
    published 2015-05-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83749
    title F5 Networks BIG-IP : QEMU vulnerability (SOL16620) (Venom)
  • NASL family Firewalls
    NASL id CHECK_POINT_GAIA_SK106060.NASL
    description The remote host is running a version of Gaia OS which is affected by a vulnerability in the virtual floppy drive code which may allow an attacker to escape a virtualized environment and obtain code execution on the underlying host.
    last seen 2017-12-05
    modified 2017-12-05
    plugin id 104999
    published 2017-12-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104999
    title Check Point Gaia Operating System VM escape and code execution (sk106060)(VENOM)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-0998.NASL
    description Updated qemu-kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller (FDC) handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest. (CVE-2015-3456) Red Hat would like to thank Jason Geffner of CrowdStrike for reporting this issue. All qemu-kvm users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.
    last seen 2017-10-29
    modified 2017-01-09
    plugin id 83425
    published 2015-05-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83425
    title RHEL 6 : qemu-kvm (RHSA-2015:0998) (Venom)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2608-1.NASL
    description Jason Geffner discovered that QEMU incorrectly handled the virtual floppy driver. This issue is known as VENOM. A malicious guest could use this issue to cause a denial of service, or possibly execute arbitrary code on the host as the user running the QEMU process. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. (CVE-2015-3456) Daniel P. Berrange discovered that QEMU incorrectly handled VNC websockets. A remote attacker could use this issue to cause QEMU to consume memory, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 14.10 and Ubuntu 15.04. (CVE-2015-1779) Jan Beulich discovered that QEMU, when used with Xen, didn't properly restrict access to PCI command registers. A malicious guest could use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2015-2756). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2016-12-05
    plugin id 83435
    published 2015-05-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83435
    title Ubuntu 12.04 LTS / 14.04 LTS / 14.10 / 15.04 : qemu, qemu-kvm vulnerabilities (USN-2608-1) (Venom)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3262.NASL
    description Jason Geffner discovered a buffer overflow in the emulated floppy disk drive, resulting in the potential execution of arbitrary code. This only affects HVM guests.
    last seen 2017-10-29
    modified 2016-05-06
    plugin id 83532
    published 2015-05-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83532
    title Debian DSA-3262-1 : xen - security update (Venom)
  • NASL family Windows
    NASL id VIRTUALBOX_4_3_28.NASL
    description The remote host contains a version of Oracle VM VirtualBox that is prior to 3.2.28 / 4.0.30 / 4.1.38 / 4.2.30 / 4.3.28. It is, therefore affected by a flaw in the Floppy Disk Controller (FDC) in the bundled QEMU software due to an overflow condition in 'hw/block/fdc.c' when handling certain commands. An attacker, with access to an account on the guest operating system with privilege to access the FDC, can exploit this flaw to execute arbitrary code in the context of the hypervisor process on the host system.
    last seen 2017-10-29
    modified 2016-08-16
    plugin id 83729
    published 2015-05-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83729
    title Oracle VM VirtualBox < 3.2.28 / 4.0.30 / 4.1.38 / 4.2.30 / 4.3.28 QEMU FDC Overflow RCE (VENOM)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2015-8194.NASL
    description Privilege escalation via emulated floppy disk drive [XSA-133, CVE-2015-3456] (#1221153) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2015-10-22
    plugin id 83828
    published 2015-05-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83828
    title Fedora 22 : xen-4.5.0-9.fc22 (2015-8194) (Venom)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20150513_KVM_ON_SL5_X.NASL
    description An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller (FDC) handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest. (CVE-2015-3456) Note: The following procedure must be performed before this update will take effect : 1) Stop all KVM guest virtual machines. 2) Either reboot the hypervisor machine or, as the root user, remove (using 'modprobe -r [module]') and reload (using 'modprobe [module]') all of the following modules which are currently running (determined using 'lsmod'): kvm, ksm, kvm-intel or kvm-amd. 3) Restart the KVM guest virtual machines.
    last seen 2017-10-29
    modified 2015-10-23
    plugin id 83457
    published 2015-05-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83457
    title Scientific Linux Security Update : kvm on SL5.x x86_64 (Venom)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2015-391.NASL
    description The XEN hypervisor was updated to fix two security issues : - Fixed a buffer overflow in the floppy drive emulation, which could be used to denial of service attacks or potential code execution against the host. (CVE-2015-3456) - Xen did not initialize certain fields, which allowed certain remote service domains to obtain sensitive information from memory via a (1) XEN_DOMCTL_gettscinfo or (2) XEN_SYSCTL_getdomaininfolist request. (CVE-2015-3340)
    last seen 2017-10-29
    modified 2015-10-22
    plugin id 83965
    published 2015-06-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83965
    title openSUSE Security Update : xen (openSUSE-2015-391) (Venom)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2015-0998.NASL
    description Updated qemu-kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller (FDC) handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest. (CVE-2015-3456) Red Hat would like to thank Jason Geffner of CrowdStrike for reporting this issue. All qemu-kvm users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.
    last seen 2017-10-29
    modified 2015-10-23
    plugin id 83418
    published 2015-05-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83418
    title CentOS 6 : qemu-kvm (CESA-2015:0998) (Venom)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2015-0059.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - force the fifo access to be in bounds of the allocated buffer This is XSA-133. [bug 21078975] (CVE-2015-3456)
    last seen 2017-10-29
    modified 2017-02-17
    plugin id 83484
    published 2015-05-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83484
    title OracleVM 2.2 : xen (OVMSA-2015-0059) (Venom)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2015-8270.NASL
    description Privilege escalation via emulated floppy disk drive [XSA-133, CVE-2015-3456] (#1221153) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2015-10-22
    plugin id 83834
    published 2015-05-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83834
    title Fedora 21 : xen-4.4.2-4.fc21 (2015-8270) (Venom)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-1001.NASL
    description Updated qemu-kvm-rhev packages that fix one security issue are now available for Red Hat Enterprise Virtualization 3.5. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM. An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller (FDC) handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest. (CVE-2015-3456) Red Hat would like to thank Jason Geffner of CrowdStrike for reporting this issue. All qemu-kvm-rhev users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.
    last seen 2017-10-29
    modified 2017-01-09
    plugin id 83428
    published 2015-05-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83428
    title RHEL 6 : qemu-kvm-rhev (RHSA-2015:1001) (Venom)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2015-0058.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - force the fifo access to be in bounds of the allocated buffer This is CVE-2015-3456. [bug 21078935] (CVE-2015-3456) - xen: limit guest control of PCI command register Otherwise the guest can abuse that control to cause e.g. PCIe Unsupported Request responses (by disabling memory and/or I/O decoding and subsequently causing [CPU side] accesses to the respective address ranges), which (depending on system configuration) may be fatal to the host. This is CVE-2015-2756 / XSA-126. Conflicts: tools/ioemu-remote/hw/pass-through.c (CVE-2015-2756) - Limit XEN_DOMCTL_memory_mapping hypercall to only process up to 64 GFNs (or less) Said hypercall for large BARs can take quite a while. As such we can require that the hypercall MUST break up the request in smaller values. Another approach is to add preemption to it - whether we do the preemption using hypercall_create_continuation or returning EAGAIN to userspace (and have it re-invocate the call) - either way the issue we cannot easily solve is that in 'map_mmio_regions' if we encounter an error we MUST call 'unmap_mmio_regions' for the whole BAR region. Since the preemption would re-use input fields such as nr_mfns, first_gfn, first_mfn - we would lose the original values - and only undo what was done in the current round (i.e. ignoring anything that was done prior to earlier preemptions). Unless we re-used the return value as 'EAGAIN|nr_mfns_done<<10' but that puts a limit (since the return value is a long) on the amount of nr_mfns that can provided. This patch sidesteps this problem by : - Setting an hard limit of nr_mfns having to be 64 or less. - Toolstack adjusts correspondingly to the nr_mfn limit. - If the there is an error when adding the toolstack will call the remove operation to remove the whole region. The need to break this hypercall down is for large BARs can take more than the guest (initial domain usually) time-slice. This has the negative result in that the guest is locked out for a long duration and is unable to act on any pending events. We also augment the code to return zero if nr_mfns instead of trying to the hypercall. Suggested-by: Jan Beulich This is CVE-2015-2752 / XSA-125. Conflicts: xen/arch/x86/domctl.c (CVE-2015-2752)
    last seen 2017-10-29
    modified 2017-02-17
    plugin id 83483
    published 2015-05-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83483
    title OracleVM 3.2 : xen (OVMSA-2015-0058) (Venom)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2015-363.NASL
    description qemu was updated to fix a security issue : - CVE-2015-3456: Fixed a buffer overflow in the floppy drive emulation, which could be used to carry out denial of service attacks or potential code execution against the host.
    last seen 2017-10-29
    modified 2015-10-23
    plugin id 83533
    published 2015-05-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83533
    title openSUSE Security Update : qemu (openSUSE-2015-363) (Venom)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-248.NASL
    description A vulnerability was discovered in the qemu virtualisation solution : CVE-2015-3456 Jason Geffner discovered a buffer overflow in the emulated floppy disk drive, resulting in the potential execution of arbitrary code. Despite the end-of-life of qemu support in the old-oldstable distribution (squeeze-lts), this problem has been fixed in version 0.12.5+dfsg-3squeeze4 of the qemu source package due to its severity (the so-called VENOM vulnerability). Further problems may still be present in the qemu package in the old-oldstable distribution (squeeze-lts) and users who need to rely on qemu are encouraged to upgrade to a newer version of Debian. We recommend that you upgrade your qemu packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2016-05-05
    plugin id 84294
    published 2015-06-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84294
    title Debian DLA-248-1 : qemu security update (Venom)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2015-1003.NASL
    description Updated kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller (FDC) handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest. (CVE-2015-3456) Red Hat would like to thank Jason Geffner of CrowdStrike for reporting this issue. All kvm users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. Note: The procedure in the Solution section must be performed before this update will take effect.
    last seen 2017-10-29
    modified 2015-10-23
    plugin id 83421
    published 2015-05-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83421
    title CentOS 5 : kvm (CESA-2015:1003) (Venom)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2015-1002.NASL
    description From Red Hat Security Advisory 2015:1002 : Updated xen packages that fix one security issue are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux. An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller (FDC) handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest. (CVE-2015-3456) Red Hat would like to thank Jason Geffner of CrowdStrike for reporting this issue. All xen users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, all running fully-virtualized guests must be restarted for this update to take effect.
    last seen 2017-10-29
    modified 2016-05-06
    plugin id 83446
    published 2015-05-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83446
    title Oracle Linux 5 : xen (ELSA-2015-1002) (Venom)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2015-0944-1.NASL
    description Xen was updated to fix two security issues and a bug : CVE-2015-3456: A buffer overflow in the floppy drive emulation, which could be used to carry out denial of service attacks or potential code execution against the host. This vulnerability is also known as VENOM. CVE-2015-3340: Xen did not initialize certain fields, which allowed certain remote service domains to obtain sensitive information from memory via a (1) XEN_DOMCTL_gettscinfo or (2) XEN_SYSCTL_getdomaininfolist request. An exception in setCPUAffinity when restoring guests. (bsc#910441) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2016-05-11
    plugin id 83859
    published 2015-05-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83859
    title SUSE SLES11 Security Update : Xen (SUSE-SU-2015:0944-1) (Venom)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2015-0927-1.NASL
    description Xen was updated to fix two security issues and a bug : CVE-2015-3456: A buffer overflow in the floppy drive emulation, which could be used to carry out denial of service attacks or potential code execution against the host. This vulnerability is also known as VENOM. CVE-2015-3340: Xen did not initialize certain fields, which allowed certain remote service domains to obtain sensitive information from memory via a (1) XEN_DOMCTL_gettscinfo or (2) XEN_SYSCTL_getdomaininfolist request. An exception in setCPUAffinity when restoring guests. (bsc#910441) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2016-05-11
    plugin id 83853
    published 2015-05-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83853
    title SUSE SLED11 / SLES11 Security Update : Xen (SUSE-SU-2015:0927-1) (Venom)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2015-8220.NASL
    description - CVE-2015-3456: (VENOM) fdc: out-of-bounds fifo buffer memory access (bz #1221152) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2015-10-22
    plugin id 83829
    published 2015-05-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83829
    title Fedora 22 : qemu-2.3.0-4.fc22 (2015-8220) (Venom)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-1002.NASL
    description Updated xen packages that fix one security issue are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux. An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller (FDC) handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest. (CVE-2015-3456) Red Hat would like to thank Jason Geffner of CrowdStrike for reporting this issue. All xen users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, all running fully-virtualized guests must be restarted for this update to take effect.
    last seen 2017-10-29
    modified 2017-01-09
    plugin id 83429
    published 2015-05-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83429
    title RHEL 5 : xen (RHSA-2015:1002) (Venom)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20150513_QEMU_KVM_ON_SL7_X.NASL
    description An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller (FDC) handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest. (CVE-2015-3456) After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.
    last seen 2017-10-29
    modified 2015-10-23
    plugin id 83459
    published 2015-05-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83459
    title Scientific Linux Security Update : qemu-kvm on SL7.x x86_64 (Venom)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2015-364.NASL
    description Qemu was updated to v2.1.3: See http://wiki.qemu-project.org/ChangeLog/2.1 for more information. This update includes a security fix : - CVE-2015-3456: Fixed a buffer overflow in the floppy drive emulation, which could be used to carry out denial of service attacks or potential code execution against the host.
    last seen 2017-10-29
    modified 2015-10-23
    plugin id 83534
    published 2015-05-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83534
    title openSUSE Security Update : qemu (openSUSE-2015-364) (Venom)
redhat via4
advisories
  • bugzilla
    id 1218611
    title CVE-2015-3456 qemu: fdc: out-of-bounds fifo buffer memory access
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhsa:tst:20100842001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhsa:tst:20100842002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20100842003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20100842004
    • OR
      • AND
        • comment qemu-guest-agent is earlier than 2:0.12.1.2-2.448.el6_6.3
          oval oval:com.redhat.rhsa:tst:20150998005
        • comment qemu-guest-agent is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20121234008
      • AND
        • comment qemu-img is earlier than 2:0.12.1.2-2.448.el6_6.3
          oval oval:com.redhat.rhsa:tst:20150998007
        • comment qemu-img is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110345008
      • AND
        • comment qemu-kvm is earlier than 2:0.12.1.2-2.448.el6_6.3
          oval oval:com.redhat.rhsa:tst:20150998011
        • comment qemu-kvm is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110345006
      • AND
        • comment qemu-kvm-tools is earlier than 2:0.12.1.2-2.448.el6_6.3
          oval oval:com.redhat.rhsa:tst:20150998009
        • comment qemu-kvm-tools is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110345010
    rhsa
    id RHSA-2015:0998
    released 2015-05-13
    severity Important
    title RHSA-2015:0998: qemu-kvm security update (Important)
  • bugzilla
    id 1218611
    title CVE-2015-3456 qemu: fdc: out-of-bounds fifo buffer memory access
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 7 Client is installed
        oval oval:com.redhat.rhsa:tst:20140675001
      • comment Red Hat Enterprise Linux 7 Server is installed
        oval oval:com.redhat.rhsa:tst:20140675002
      • comment Red Hat Enterprise Linux 7 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20140675003
      • comment Red Hat Enterprise Linux 7 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20140675004
    • OR
      • AND
        • comment libcacard is earlier than 10:1.5.3-86.el7_1.2
          oval oval:com.redhat.rhsa:tst:20150999009
        • comment libcacard is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140704008
      • AND
        • comment libcacard-devel is earlier than 10:1.5.3-86.el7_1.2
          oval oval:com.redhat.rhsa:tst:20150999007
        • comment libcacard-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140704010
      • AND
        • comment libcacard-tools is earlier than 10:1.5.3-86.el7_1.2
          oval oval:com.redhat.rhsa:tst:20150999005
        • comment libcacard-tools is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140704016
      • AND
        • comment qemu-img is earlier than 10:1.5.3-86.el7_1.2
          oval oval:com.redhat.rhsa:tst:20150999011
        • comment qemu-img is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110345008
      • AND
        • comment qemu-kvm is earlier than 10:1.5.3-86.el7_1.2
          oval oval:com.redhat.rhsa:tst:20150999013
        • comment qemu-kvm is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110345006
      • AND
        • comment qemu-kvm-common is earlier than 10:1.5.3-86.el7_1.2
          oval oval:com.redhat.rhsa:tst:20150999015
        • comment qemu-kvm-common is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140704018
      • AND
        • comment qemu-kvm-tools is earlier than 10:1.5.3-86.el7_1.2
          oval oval:com.redhat.rhsa:tst:20150999017
        • comment qemu-kvm-tools is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110345010
    rhsa
    id RHSA-2015:0999
    released 2015-05-13
    severity Important
    title RHSA-2015:0999: qemu-kvm security update (Important)
  • bugzilla
    id 1218611
    title CVE-2015-3456 qemu: fdc: out-of-bounds fifo buffer memory access
    oval
    AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhsa:tst:20070055001
    • OR
      • AND
        • comment xen is earlier than 0:3.0.3-146.el5_11
          oval oval:com.redhat.rhsa:tst:20151002004
        • comment xen is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070114003
      • AND
        • comment xen-devel is earlier than 0:3.0.3-146.el5_11
          oval oval:com.redhat.rhsa:tst:20151002006
        • comment xen-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070114007
      • AND
        • comment xen-libs is earlier than 0:3.0.3-146.el5_11
          oval oval:com.redhat.rhsa:tst:20151002002
        • comment xen-libs is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070114005
    rhsa
    id RHSA-2015:1002
    released 2015-05-13
    severity Important
    title RHSA-2015:1002: xen security update (Important)
  • bugzilla
    id 1218611
    title CVE-2015-3456 qemu: fdc: out-of-bounds fifo buffer memory access
    oval
    AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhsa:tst:20070055001
    • OR
      • AND
        • comment kmod-kvm is earlier than 0:83-272.el5_11
          oval oval:com.redhat.rhsa:tst:20151003004
        • comment kmod-kvm is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20091465005
      • AND
        • comment kmod-kvm-debug is earlier than 0:83-272.el5_11
          oval oval:com.redhat.rhsa:tst:20151003006
        • comment kmod-kvm-debug is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20110028007
      • AND
        • comment kvm is earlier than 0:83-272.el5_11
          oval oval:com.redhat.rhsa:tst:20151003010
        • comment kvm is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20091465003
      • AND
        • comment kvm-qemu-img is earlier than 0:83-272.el5_11
          oval oval:com.redhat.rhsa:tst:20151003008
        • comment kvm-qemu-img is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20091465007
      • AND
        • comment kvm-tools is earlier than 0:83-272.el5_11
          oval oval:com.redhat.rhsa:tst:20151003002
        • comment kvm-tools is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20091465009
    rhsa
    id RHSA-2015:1003
    released 2015-05-13
    severity Important
    title RHSA-2015:1003: kvm security update (Important)
  • rhsa
    id RHSA-2015:1000
  • rhsa
    id RHSA-2015:1001
  • rhsa
    id RHSA-2015:1004
  • rhsa
    id RHSA-2015:1011
rpms
  • qemu-guest-agent-2:0.12.1.2-2.448.el6_6.3
  • qemu-img-2:0.12.1.2-2.448.el6_6.3
  • qemu-kvm-2:0.12.1.2-2.448.el6_6.3
  • qemu-kvm-tools-2:0.12.1.2-2.448.el6_6.3
  • libcacard-10:1.5.3-86.el7_1.2
  • libcacard-devel-10:1.5.3-86.el7_1.2
  • libcacard-tools-10:1.5.3-86.el7_1.2
  • qemu-img-10:1.5.3-86.el7_1.2
  • qemu-kvm-10:1.5.3-86.el7_1.2
  • qemu-kvm-common-10:1.5.3-86.el7_1.2
  • qemu-kvm-tools-10:1.5.3-86.el7_1.2
  • xen-0:3.0.3-146.el5_11
  • xen-devel-0:3.0.3-146.el5_11
  • xen-libs-0:3.0.3-146.el5_11
  • kmod-kvm-0:83-272.el5_11
  • kmod-kvm-debug-0:83-272.el5_11
  • kvm-0:83-272.el5_11
  • kvm-qemu-img-0:83-272.el5_11
  • kvm-tools-0:83-272.el5_11
refmap via4
bid 74640
confirm
debian
  • DSA-3259
  • DSA-3262
  • DSA-3274
fedora FEDORA-2015-8249
gentoo
  • GLSA-201602-01
  • GLSA-201604-03
  • GLSA-201612-27
hp
  • HPSBMU03336
  • HPSBMU03349
  • SSRT102076
misc http://venom.crowdstrike.com/
sectrack
  • 1032306
  • 1032311
  • 1032917
suse
  • SUSE-SU-2015:0889
  • SUSE-SU-2015:0896
  • SUSE-SU-2015:0923
  • SUSE-SU-2015:0927
  • SUSE-SU-2015:0929
  • openSUSE-SU-2015:0893
  • openSUSE-SU-2015:0894
  • openSUSE-SU-2015:0983
  • openSUSE-SU-2015:1400
ubuntu USN-2608-1
the hacker news via4
id THN:D1A72EAB7DE85773871BD0D4D9026D61
last seen 2017-01-08
modified 2015-05-14
published 2015-05-14
reporter Swati Khandelwal
source http://thehackernews.com/2015/05/venom-vulnerability.html
title Venom Vulnerability Exposes Most Data Centers to Cyber Attacks
Last major update 02-01-2017 - 22:00
Published 13-05-2015 - 14:59
Last modified 21-09-2017 - 21:29