Описание
The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM.
An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller (FDC) handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest.
Отчет
This issue affects the versions of the kvm and xen packages as shipped with Red Hat Enterprise Linux 5, the versions of the qemu-kvm packages as shipped with Red Hat Enterprise Linux 6 and 7, and the versions of qemu-kvm-rhev packages as shipped with Red Hat Enterprise Virtualization 3. Future updates for the respective releases will address this flaw.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | kvm | Affected | ||
| Red Hat Enterprise Linux Extended Update Support 5.6 | kvm | Affected | ||
| Red Hat Enterprise Linux Extended Update Support 5.6 | xen | Affected | ||
| Red Hat Enterprise Linux Extended Update Support 5.9 | kvm | Affected | ||
| Red Hat Enterprise Linux Extended Update Support 5.9 | xen | Affected | ||
| Red Hat Enterprise Linux Extended Update Support 6.2 | qemu-kvm | Affected | ||
| Red Hat Enterprise Linux Extended Update Support 6.4 | qemu-kvm | Affected | ||
| OpenStack 4 for RHEL 6 | qemu-kvm-rhev | Fixed | RHSA-2015:1004 | 13.05.2015 |
| Red Hat Enterprise Linux 5 | kvm | Fixed | RHSA-2015:1003 | 13.05.2015 |
| Red Hat Enterprise Linux 5 | xen | Fixed | RHSA-2015:1002 | 13.05.2015 |
Показывать по
Дополнительная информация
Статус:
EPSS
6.5 Medium
CVSS2
Связанные уязвимости
The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM.
The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM.
The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and ear ...
The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM.
EPSS
6.5 Medium
CVSS2