Vulnerability CVE-2015-3456: Information
Description
The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM.
Severity: HIGH (7.7)
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
qemu | sisyphus | 2.3.0-alt2 | 8.2.3-alt1 | ALT-PU-2015-1439-1 | 144391 | Fixed |
qemu | p10 | 2.3.0-alt2 | 8.2.2-alt0.p10.1 | ALT-PU-2015-1439-1 | 144391 | Fixed |
qemu | p9 | 2.3.0-alt2 | 5.2.0-alt6 | ALT-PU-2015-1439-1 | 144391 | Fixed |
qemu | c10f1 | 2.3.0-alt2 | 8.2.2-alt0.p10.1 | ALT-PU-2015-1439-1 | 144391 | Fixed |
qemu | c9f2 | 2.3.0-alt2 | 5.2.0-alt6.c9.1 | ALT-PU-2015-1439-1 | 144391 | Fixed |
qemu | c7 | 2.5.0-alt0.M70C.1 | 2.5.1.1-alt0.M70C.5 | ALT-PU-2016-1271-1 | 161338 | Fixed |
qemu | p11 | 2.3.0-alt2 | 8.2.3-alt1 | ALT-PU-2015-1439-1 | 144391 | Fixed |