Unrated severityNVD Advisory· Published May 13, 2015· Updated May 6, 2026
CVE-2015-3456
CVE-2015-3456
Description
The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM.
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
48- git.qemu.orgnvd
- kb.juniper.net/InfoCenter/indexnvd
- lists.fedoraproject.org/pipermail/package-announce/2015-May/158072.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2015-05/msg00009.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2015-05/msg00013.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2015-05/msg00014.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2015-05/msg00018.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2015-05/msg00019.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2015-05/msg00021.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2015-05/msg00042.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2015-06/msg00001.htmlnvd
- lists.opensuse.org/opensuse-updates/2015-08/msg00021.htmlnvd
- marc.infonvd
- marc.infonvd
- rhn.redhat.com/errata/RHSA-2015-0998.htmlnvd
- rhn.redhat.com/errata/RHSA-2015-0999.htmlnvd
- rhn.redhat.com/errata/RHSA-2015-1000.htmlnvd
- rhn.redhat.com/errata/RHSA-2015-1001.htmlnvd
- rhn.redhat.com/errata/RHSA-2015-1002.htmlnvd
- rhn.redhat.com/errata/RHSA-2015-1003.htmlnvd
- rhn.redhat.com/errata/RHSA-2015-1004.htmlnvd
- rhn.redhat.com/errata/RHSA-2015-1011.htmlnvd
- support.citrix.com/article/CTX201078nvd
- venom.crowdstrike.comnvd
- www.debian.org/security/2015/dsa-3259nvd
- www.debian.org/security/2015/dsa-3262nvd
- www.debian.org/security/2015/dsa-3274nvd
- www.fortiguard.com/advisory/2015-05-19-cve-2015-3456-venom-vulnerabilitynvd
- www.oracle.com/technetwork/topics/security/cpujul2015-2367936.htmlnvd
- www.securityfocus.com/bid/74640nvd
- www.securitytracker.com/id/1032306nvd
- www.securitytracker.com/id/1032311nvd
- www.securitytracker.com/id/1032917nvd
- www.ubuntu.com/usn/USN-2608-1nvd
- www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-438937.htmnvd
- xenbits.xen.org/xsa/advisory-133.htmlnvd
- access.redhat.com/articles/1444903nvd
- bto.bluecoat.com/security-advisory/sa95nvd
- kb.juniper.net/JSA10783nvd
- kc.mcafee.com/corporate/indexnvd
- security.gentoo.org/glsa/201602-01nvd
- security.gentoo.org/glsa/201604-03nvd
- security.gentoo.org/glsa/201612-27nvd
- securityblog.redhat.com/2015/05/13/venom-dont-get-bitten/nvd
- support.lenovo.com/us/en/product_security/venomnvd
- www.arista.com/en/support/advisories-notices/security-advisories/1128-security-advisory-10nvd
- www.exploit-db.com/exploits/37053/nvd
- www.suse.com/security/cve/CVE-2015-3456.htmlnvd
News mentions
0No linked articles in our index yet.