{ "threat_severity" : "Important", "public_date" : "2015-05-13T00:00:00Z", "bugzilla" : { "description" : "qemu: fdc: out-of-bounds fifo buffer memory access", "id" : "1218611", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1218611" }, "cvss" : { "cvss_base_score" : "6.5", "cvss_scoring_vector" : "AV:A/AC:H/Au:S/C:C/I:C/A:C", "status" : "verified" }, "cwe" : "CWE-119", "details" : [ "The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM.", "An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller (FDC) handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest." ], "statement" : "This issue affects the versions of the kvm and xen packages as shipped with Red Hat Enterprise Linux 5, the versions of the qemu-kvm packages as shipped with Red Hat Enterprise Linux 6 and 7, and the versions of qemu-kvm-rhev packages as shipped with Red Hat Enterprise Virtualization 3. Future updates for the respective releases will address this flaw.", "acknowledgement" : "Red Hat would like to thank Jason Geffner (CrowdStrike) for reporting this issue.", "affected_release" : [ { "product_name" : "OpenStack 4 for RHEL 6", "release_date" : "2015-05-13T00:00:00Z", "advisory" : "RHSA-2015:1004", "cpe" : "cpe:/a:redhat:openstack:4::el6", "package" : "qemu-kvm-rhev-2:0.12.1.2-2.448.el6_6.3" }, { "product_name" : "Red Hat Enterprise Linux 5", "release_date" : "2015-05-13T00:00:00Z", "advisory" : "RHSA-2015:1003", "cpe" : "cpe:/a:redhat:rhel_virtualization:5", "package" : "kvm-0:83-272.el5_11" }, { "product_name" : "Red Hat Enterprise Linux 5", "release_date" : "2015-05-13T00:00:00Z", "advisory" : "RHSA-2015:1002", "cpe" : "cpe:/o:redhat:enterprise_linux:5", "package" : "xen-0:3.0.3-146.el5_11" }, { "product_name" : "Red Hat Enterprise Linux 6", "release_date" : "2015-05-13T00:00:00Z", "advisory" : "RHSA-2015:0998", "cpe" : "cpe:/o:redhat:enterprise_linux:6", "package" : "qemu-kvm-2:0.12.1.2-2.448.el6_6.3" }, { "product_name" : "Red Hat Enterprise Linux 6.5 Extended Update Support", "release_date" : "2015-05-27T00:00:00Z", "advisory" : "RHSA-2015:1031", "cpe" : "cpe:/o:redhat:rhel_eus:6.5", "package" : "qemu-kvm-2:0.12.1.2-2.415.el6_5.15" }, { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2015-05-13T00:00:00Z", "advisory" : "RHSA-2015:0999", "cpe" : "cpe:/o:redhat:enterprise_linux:7", "package" : "qemu-kvm-10:1.5.3-86.el7_1.2" }, { "product_name" : "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6", "release_date" : "2015-05-13T00:00:00Z", "advisory" : "RHSA-2015:1004", "cpe" : "cpe:/a:redhat:openstack:5::el6", "package" : "qemu-kvm-rhev-2:0.12.1.2-2.448.el6_6.3" }, { "product_name" : "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7", "release_date" : "2015-05-13T00:00:00Z", "advisory" : "RHSA-2015:1004", "cpe" : "cpe:/a:redhat:openstack:5::el7", "package" : "qemu-kvm-rhev-10:2.1.2-23.el7_1.3" }, { "product_name" : "Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7", "release_date" : "2015-05-13T00:00:00Z", "advisory" : "RHSA-2015:1004", "cpe" : "cpe:/a:redhat:openstack:6::el7", "package" : "qemu-kvm-rhev-10:2.1.2-23.el7_1.3" }, { "product_name" : "RHEV 3.X Hypervisor and Agents for RHEL-6", "release_date" : "2015-05-13T00:00:00Z", "advisory" : "RHSA-2015:1001", "cpe" : "cpe:/a:redhat:enterprise_linux:6::hypervisor", "package" : "qemu-kvm-rhev-2:0.12.1.2-2.448.el6_6.3" }, { "product_name" : "RHEV 3.X Hypervisor and Agents for RHEL-6", "release_date" : "2015-05-15T00:00:00Z", "advisory" : "RHSA-2015:1011", "cpe" : "cpe:/o:redhat:enterprise_linux:6::hypervisor", "package" : "rhev-hypervisor6-0:6.6-20150512.0.el6ev" }, { "product_name" : "RHEV 3.X Hypervisor and Agents for RHEL-7", "release_date" : "2015-05-13T00:00:00Z", "advisory" : "RHSA-2015:1000", "cpe" : "cpe:/o:redhat:enterprise_linux:7::hypervisor", "package" : "qemu-kvm-rhev-10:2.1.2-23.el7_1.3" }, { "product_name" : "RHEV 3.X Hypervisor and Agents for RHEL-7", "release_date" : "2015-05-15T00:00:00Z", "advisory" : "RHSA-2015:1011", "cpe" : "cpe:/o:redhat:enterprise_linux:7::hypervisor", "package" : "rhev-hypervisor7-0:7.1-20150512.1.el7ev" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 5", "fix_state" : "Affected", "package_name" : "kvm", "cpe" : "cpe:/o:redhat:enterprise_linux:5" }, { "product_name" : "Red Hat Enterprise Linux Extended Update Support 5.6", "fix_state" : "Affected", "package_name" : "kvm", "cpe" : "cpe:/o:redhat:rhel_eus:5.6" }, { "product_name" : "Red Hat Enterprise Linux Extended Update Support 5.6", "fix_state" : "Affected", "package_name" : "xen", "cpe" : "cpe:/o:redhat:rhel_eus:5.6" }, { "product_name" : "Red Hat Enterprise Linux Extended Update Support 5.9", "fix_state" : "Affected", "package_name" : "kvm", "cpe" : "cpe:/o:redhat:rhel_eus:5.9" }, { "product_name" : "Red Hat Enterprise Linux Extended Update Support 5.9", "fix_state" : "Affected", "package_name" : "xen", "cpe" : "cpe:/o:redhat:rhel_eus:5.9" }, { "product_name" : "Red Hat Enterprise Linux Extended Update Support 6.2", "fix_state" : "Affected", "package_name" : "qemu-kvm", "cpe" : "cpe:/o:redhat:rhel_eus:6.2" }, { "product_name" : "Red Hat Enterprise Linux Extended Update Support 6.4", "fix_state" : "Affected", "package_name" : "qemu-kvm", "cpe" : "cpe:/o:redhat:rhel_eus:6.4" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2015-3456\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3456\nhttp://venom.crowdstrike.com/\nhttp://xenbits.xen.org/xsa/advisory-133.html\nhttps://access.redhat.com/articles/1444903\nhttps://securityblog.redhat.com/2015/05/13/venom-dont-get-bitten/" ], "csaw" : true, "name" : "CVE-2015-3456" }