Unrated severityNVD Advisory· Published May 13, 2015· Updated Jun 17, 2026
CVE-2015-3456
CVE-2015-3456
Description
The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
22- cpe:2.3:a:redhat:enterprise_virtualization:3.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
- osv-coords10 versionspkg:rpm/opensuse/qemu&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/virtualbox&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/xen&distro=openSUSE%20Tumbleweedpkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Desktop%2012pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Server%2012pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Desktop%2012pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%2012pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012
< 2.6.1-1.5+ 9 more
- (no CPE)range: < 2.6.1-1.5
- (no CPE)range: < 5.1.10-2.5
- (no CPE)range: < 4.7.0_12-1.3
- (no CPE)range: < 2.0.2-46.1
- (no CPE)range: < 2.0.2-46.1
- (no CPE)range: < 2.0.2-46.1
- (no CPE)range: < 4.4.2_04-18.1
- (no CPE)range: < 4.4.2_04-18.1
- (no CPE)range: < 4.4.2_04-18.1
- (no CPE)range: < 4.4.2_04-18.1
Patches
Vulnerability mechanics
References
48- git.qemu.orgnvd
- kb.juniper.net/InfoCenter/indexnvd
- lists.fedoraproject.org/pipermail/package-announce/2015-May/158072.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2015-05/msg00009.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2015-05/msg00013.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2015-05/msg00014.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2015-05/msg00018.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2015-05/msg00019.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2015-05/msg00021.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2015-05/msg00042.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2015-06/msg00001.htmlnvd
- lists.opensuse.org/opensuse-updates/2015-08/msg00021.htmlnvd
- marc.infonvd
- marc.infonvd
- rhn.redhat.com/errata/RHSA-2015-0998.htmlnvd
- rhn.redhat.com/errata/RHSA-2015-0999.htmlnvd
- rhn.redhat.com/errata/RHSA-2015-1000.htmlnvd
- rhn.redhat.com/errata/RHSA-2015-1001.htmlnvd
- rhn.redhat.com/errata/RHSA-2015-1002.htmlnvd
- rhn.redhat.com/errata/RHSA-2015-1003.htmlnvd
- rhn.redhat.com/errata/RHSA-2015-1004.htmlnvd
- rhn.redhat.com/errata/RHSA-2015-1011.htmlnvd
- support.citrix.com/article/CTX201078nvd
- venom.crowdstrike.comnvd
- www.debian.org/security/2015/dsa-3259nvd
- www.debian.org/security/2015/dsa-3262nvd
- www.debian.org/security/2015/dsa-3274nvd
- www.fortiguard.com/advisory/2015-05-19-cve-2015-3456-venom-vulnerabilitynvd
- www.oracle.com/technetwork/topics/security/cpujul2015-2367936.htmlnvd
- www.securityfocus.com/bid/74640nvd
- www.securitytracker.com/id/1032306nvd
- www.securitytracker.com/id/1032311nvd
- www.securitytracker.com/id/1032917nvd
- www.ubuntu.com/usn/USN-2608-1nvd
- www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-438937.htmnvd
- xenbits.xen.org/xsa/advisory-133.htmlnvd
- access.redhat.com/articles/1444903nvd
- bto.bluecoat.com/security-advisory/sa95nvd
- kb.juniper.net/JSA10783nvd
- kc.mcafee.com/corporate/indexnvd
- security.gentoo.org/glsa/201602-01nvd
- security.gentoo.org/glsa/201604-03nvd
- security.gentoo.org/glsa/201612-27nvd
- securityblog.redhat.com/2015/05/13/venom-dont-get-bitten/nvd
- support.lenovo.com/us/en/product_security/venomnvd
- www.arista.com/en/support/advisories-notices/security-advisories/1128-security-advisory-10nvd
- www.exploit-db.com/exploits/37053/nvd
- www.suse.com/security/cve/CVE-2015-3456.htmlnvd
News mentions
0No linked articles in our index yet.