National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

CVE-2015-3456 Detail

Description

The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM.

Source:  MITRE      Last Modified:  05/13/2015

Evaluator Description

Though the VENOM vulnerability is also agnostic of the guest operating system, an attacker (or an attacker’s malware) would need to have administrative or root privileges in the guest operating system in order to exploit VENOM

Quick Info

CVE Dictionary Entry:
CVE-2015-3456
Original release date:
05/13/2015
Last revised:
09/21/2017
Source:
US-CERT/NIST

Impact

CVSS Severity (version 2.0):
CVSS v2 Base Score:
7.7 HIGH
Vector:
(AV:A/AC:L/Au:S/C:C/I:C/A:C) (legend)
Impact Subscore:
10.0
Exploitability Subscore:
5.1
CVSS Version 2 Metrics:
Access Vector:
Local network exploitable
Access Complexity:
Low
Authentication:
Required to exploit
Impact Type:
Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource Type Source Name
http://git.qemu.org/?p=qemu.git;a=commitdiff;h=e907746266721f305d67bc0718795fedee2e824c External Source CONFIRM http://git.qemu.org/?p=qemu.git;a=commitdiff;h=e907746266721f305d67bc0718795fedee2e824c
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10693 External Source CONFIRM http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10693
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158072.html External Source FEDORA FEDORA-2015-8249
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00009.html External Source SUSE SUSE-SU-2015:0889
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00013.html External Source SUSE openSUSE-SU-2015:0893
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00014.html External Source SUSE openSUSE-SU-2015:0894
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00018.html External Source SUSE SUSE-SU-2015:0923
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00019.html External Source SUSE SUSE-SU-2015:0927
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00021.html External Source SUSE SUSE-SU-2015:0929
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00042.html External Source SUSE SUSE-SU-2015:0896
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00001.html External Source SUSE openSUSE-SU-2015:0983
http://lists.opensuse.org/opensuse-updates/2015-08/msg00021.html External Source SUSE openSUSE-SU-2015:1400
http://marc.info/?l=bugtraq&m=143229451215900&w=2 External Source HP SSRT102076
http://marc.info/?l=bugtraq&m=143387998230996&w=2 External Source HP HPSBMU03349
http://rhn.redhat.com/errata/RHSA-2015-0998.html External Source REDHAT RHSA-2015:0998
http://rhn.redhat.com/errata/RHSA-2015-0999.html External Source REDHAT RHSA-2015:0999
http://rhn.redhat.com/errata/RHSA-2015-1000.html External Source REDHAT RHSA-2015:1000
http://rhn.redhat.com/errata/RHSA-2015-1001.html External Source REDHAT RHSA-2015:1001
http://rhn.redhat.com/errata/RHSA-2015-1002.html External Source REDHAT RHSA-2015:1002
http://rhn.redhat.com/errata/RHSA-2015-1003.html External Source REDHAT RHSA-2015:1003
http://rhn.redhat.com/errata/RHSA-2015-1004.html External Source REDHAT RHSA-2015:1004
http://rhn.redhat.com/errata/RHSA-2015-1011.html External Source REDHAT RHSA-2015:1011
http://support.citrix.com/article/CTX201078 External Source CONFIRM http://support.citrix.com/article/CTX201078
http://venom.crowdstrike.com/ External Source MISC http://venom.crowdstrike.com/
http://www.debian.org/security/2015/dsa-3259 External Source DEBIAN DSA-3259
http://www.debian.org/security/2015/dsa-3262 External Source DEBIAN DSA-3262
http://www.debian.org/security/2015/dsa-3274 External Source DEBIAN DSA-3274
http://www.fortiguard.com/advisory/2015-05-19-cve-2015-3456-venom-vulnerability External Source CONFIRM http://www.fortiguard.com/advisory/2015-05-19-cve-2015-3456-venom-vulnerability
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html External Source CONFIRM http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
http://www.securityfocus.com/bid/74640 External Source BID 74640
http://www.securitytracker.com/id/1032306 External Source SECTRACK 1032306
http://www.securitytracker.com/id/1032311 External Source SECTRACK 1032311
http://www.securitytracker.com/id/1032917 External Source SECTRACK 1032917
http://www.ubuntu.com/usn/USN-2608-1 External Source UBUNTU USN-2608-1
http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-438937.htm External Source CONFIRM http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-438937.htm
http://xenbits.xen.org/xsa/advisory-133.html External Source CONFIRM http://xenbits.xen.org/xsa/advisory-133.html
https://access.redhat.com/articles/1444903 External Source CONFIRM https://access.redhat.com/articles/1444903
https://bto.bluecoat.com/security-advisory/sa95 External Source CONFIRM https://bto.bluecoat.com/security-advisory/sa95
https://kb.juniper.net/JSA10783 External Source CONFIRM https://kb.juniper.net/JSA10783
https://kc.mcafee.com/corporate/index?page=content&id=SB10118 External Source CONFIRM https://kc.mcafee.com/corporate/index?page=content&id=SB10118
https://security.gentoo.org/glsa/201602-01 External Source GENTOO GLSA-201602-01
https://security.gentoo.org/glsa/201604-03 External Source GENTOO GLSA-201604-03
https://security.gentoo.org/glsa/201612-27 External Source GENTOO GLSA-201612-27
https://securityblog.redhat.com/2015/05/13/venom-dont-get-bitten/ External Source CONFIRM https://securityblog.redhat.com/2015/05/13/venom-dont-get-bitten/
https://support.lenovo.com/us/en/product_security/venom External Source CONFIRM https://support.lenovo.com/us/en/product_security/venom
https://www.exploit-db.com/exploits/37053/ External Source EXPLOIT-DB 37053
https://www.suse.com/security/cve/CVE-2015-3456.html External Source CONFIRM https://www.suse.com/security/cve/CVE-2015-3456.html

Technical Details

Vulnerability Type (View All)

Change History 17 change records found - show changes