NVD Vulnerability Detail

CVE-2015-3456

Summary	The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM.
Publication Date	May 14, 2015, 3:59 a.m.
Registration Date	Jan. 26, 2021, 2:49 p.m.
Last Update	Nov. 21, 2024, 11:29 a.m.

CVSS2.0 : HIGH
Score	7.7
Vector	AV:A/AC:L/Au:S/C:C/I:C/A:C
攻撃元区分(AV)	隣接
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	単一
機密性への影響(C)	高
完全性への影響(I)	高
可用性への影響(A)	高
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	いいえ

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:qemu:qemu::::::::			2.3.0

Configuration2	or higher	or less	more than	less than
cpe:2.3:a:redhat:openstack:4.0:::::::*
cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
cpe:2.3:a:redhat:openstack:5.0:::::::*
cpe:2.3:a:redhat:openstack:7.0:::::::*
cpe:2.3:a:redhat:enterprise_virtualization:3.0:::::::*
cpe:2.3:o:redhat:enterprise_linux:5:::::::*
cpe:2.3:o:xen:xen:4.5.0:::::::*
cpe:2.3:a:redhat:openstack:6.0:::::::*

Related information, measures and tools

No	URL	refsource	タグ
1	http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=e907746266721f305d67bc0718795fedee2e824c
2	http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=e907746266721f305d67bc0718795fedee2e824c
3	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10693
4	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10693
5	http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158072.html
6	http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158072.html
7	http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00009.html
8	http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00009.html
9	http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00013.html
10	http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00013.html
11	http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00014.html
12	http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00014.html
13	http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00018.html
14	http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00018.html
15	http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00019.html
16	http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00019.html
17	http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00021.html
18	http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00021.html
19	http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00042.html
20	http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00042.html
21	http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00001.html
22	http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00001.html
23	http://lists.opensuse.org/opensuse-updates/2015-08/msg00021.html
24	http://lists.opensuse.org/opensuse-updates/2015-08/msg00021.html
25	http://marc.info/?l=bugtraq&m=143229451215900&w=2
26	http://marc.info/?l=bugtraq&m=143229451215900&w=2
27	http://marc.info/?l=bugtraq&m=143229451215900&w=2
28	http://marc.info/?l=bugtraq&m=143229451215900&w=2
29	http://marc.info/?l=bugtraq&m=143387998230996&w=2
30	http://marc.info/?l=bugtraq&m=143387998230996&w=2
31	http://rhn.redhat.com/errata/RHSA-2015-0998.html
32	http://rhn.redhat.com/errata/RHSA-2015-0998.html
33	http://rhn.redhat.com/errata/RHSA-2015-0999.html
34	http://rhn.redhat.com/errata/RHSA-2015-0999.html
35	http://rhn.redhat.com/errata/RHSA-2015-1000.html
36	http://rhn.redhat.com/errata/RHSA-2015-1000.html
37	http://rhn.redhat.com/errata/RHSA-2015-1001.html
38	http://rhn.redhat.com/errata/RHSA-2015-1001.html
39	http://rhn.redhat.com/errata/RHSA-2015-1002.html
40	http://rhn.redhat.com/errata/RHSA-2015-1002.html
41	http://rhn.redhat.com/errata/RHSA-2015-1003.html
42	http://rhn.redhat.com/errata/RHSA-2015-1003.html
43	http://rhn.redhat.com/errata/RHSA-2015-1004.html
44	http://rhn.redhat.com/errata/RHSA-2015-1004.html
45	http://rhn.redhat.com/errata/RHSA-2015-1011.html
46	http://rhn.redhat.com/errata/RHSA-2015-1011.html
47	http://support.citrix.com/article/CTX201078
48	http://support.citrix.com/article/CTX201078
49	http://venom.crowdstrike.com/
50	http://venom.crowdstrike.com/
51	http://www.debian.org/security/2015/dsa-3259
52	http://www.debian.org/security/2015/dsa-3259
53	http://www.debian.org/security/2015/dsa-3262
54	http://www.debian.org/security/2015/dsa-3262
55	http://www.debian.org/security/2015/dsa-3274
56	http://www.debian.org/security/2015/dsa-3274
57	http://www.fortiguard.com/advisory/2015-05-19-cve-2015-3456-venom-vulnerability
58	http://www.fortiguard.com/advisory/2015-05-19-cve-2015-3456-venom-vulnerability
59	http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
60	http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
61	http://www.securityfocus.com/bid/74640
62	http://www.securityfocus.com/bid/74640
63	http://www.securitytracker.com/id/1032306
64	http://www.securitytracker.com/id/1032306
65	http://www.securitytracker.com/id/1032311
66	http://www.securitytracker.com/id/1032311
67	http://www.securitytracker.com/id/1032917
68	http://www.securitytracker.com/id/1032917
69	http://www.ubuntu.com/usn/USN-2608-1
70	http://www.ubuntu.com/usn/USN-2608-1
71	http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-438937.htm
72	http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-438937.htm
73	http://xenbits.xen.org/xsa/advisory-133.html
74	http://xenbits.xen.org/xsa/advisory-133.html
75	https://access.redhat.com/articles/1444903
76	https://access.redhat.com/articles/1444903
77	https://bto.bluecoat.com/security-advisory/sa95
78	https://bto.bluecoat.com/security-advisory/sa95
79	https://kb.juniper.net/JSA10783
80	https://kb.juniper.net/JSA10783
81	https://kc.mcafee.com/corporate/index?page=content&id=SB10118
82	https://kc.mcafee.com/corporate/index?page=content&id=SB10118
83	https://security.gentoo.org/glsa/201602-01
84	https://security.gentoo.org/glsa/201602-01
85	https://security.gentoo.org/glsa/201604-03
86	https://security.gentoo.org/glsa/201604-03
87	https://security.gentoo.org/glsa/201612-27
88	https://security.gentoo.org/glsa/201612-27
89	https://securityblog.redhat.com/2015/05/13/venom-dont-get-bitten/
90	https://securityblog.redhat.com/2015/05/13/venom-dont-get-bitten/
91	https://support.lenovo.com/us/en/product_security/venom
92	https://support.lenovo.com/us/en/product_security/venom
93	https://www.arista.com/en/support/advisories-notices/security-advisories/1128-security-advisory-10
94	https://www.arista.com/en/support/advisories-notices/security-advisories/1128-security-advisory-10
95	https://www.exploit-db.com/exploits/37053/
96	https://www.exploit-db.com/exploits/37053/
97	https://www.suse.com/security/cve/CVE-2015-3456.html
98	https://www.suse.com/security/cve/CVE-2015-3456.html

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-119	バッファエラー	https://cwe.mitre.org/data/definitions/118.html

JVN Vulnerability Information

Xen および KVM で使用される QEMU のフロッピーディスクコントローラにおけるサービス運用妨害 (DoS) の脆弱性

Title	Xen および KVM で使用される QEMU のフロッピーディスクコントローラにおけるサービス運用妨害 (DoS) の脆弱性
Summary	Xen および KVM で使用される QEMU のフロッピーディスクコントローラ (FDC) には、サービス運用妨害 (out-of-bounds write およびゲストクラッシュ) 状態にされる、または任意のコードを実行される脆弱性が存在します。本脆弱性は、VENOM (Virtualized Environment Neglected Operations Manipulation）と呼ばれています。
Possible impacts	ローカルゲストユーザにより、(1) FD_CMD_READ_ID コマンド、(2) FD_CMD_DRIVE_SPECIFICATION_COMMAND コマンド、またはその他の不特定のコマンドを介して、サービス運用妨害 (out-of-bounds write およびゲストクラッシュ) 状態にされる、または任意のコードを実行される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	May 12, 2015, midnight
Registration Date	May 15, 2015, 4:50 p.m.
Last Update	July 29, 2015, 5:36 p.m.

Affected System

レッドハット

Red Hat Enterprise Linux (v. 5 server)

Red Hat Enterprise Linux Desktop (v. 5 client)

Red Hat Enterprise Linux Desktop (v. 6)

Red Hat Enterprise Linux Desktop (v. 7)

Red Hat Enterprise Linux HPC Node (v. 6)

Red Hat Enterprise Linux HPC Node (v. 7)

Red Hat Enterprise Linux Server (v. 6)

Red Hat Enterprise Linux Server (v. 7)

Red Hat Enterprise Linux Server EUS (v. 6.6.z)

Red Hat Enterprise Linux Workstation (v. 6)

Red Hat Enterprise Linux Workstation (v. 7)

Red Hat Enterprise Virtualization 3

Red Hat OpenStack 4.0

Red Hat OpenStack 5.0 for RHEL 6

Red Hat OpenStack 5.0 for RHEL 7

Red Hat OpenStack 6.0 for RHEL 7

RHEL Desktop Multi OS (v. 5 client)

RHEL Virtualization (v. 5 server)

ヒューレット・パッカード

HP Helion OpenStack 1.0.0

HP Helion OpenStack 1.1.0

オラクル

Oracle Linux 5

Oracle Linux 6

Oracle Linux 7

Oracle PeopleSoft Products の PeopleSoft Enterprise PT PeopleTools 8.53

Oracle PeopleSoft Products の PeopleSoft Enterprise PT PeopleTools 8.54

Oracle VM VirtualBox 3.2

Oracle VM VirtualBox 4.0

Oracle VM VirtualBox 4.1

Oracle VM VirtualBox 4.2

Oracle VM VirtualBox 4.3.28 未満の 4.3

Oracle VM サーバー 2.2

Oracle VM サーバー 3.2

Oracle VM サーバー 3.3

Xen プロジェクト

Xen 4.5.x およびそれ以前

Fabrice Bellard

QEMU

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2015-3456	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3456
National Vulnerability Database (NVD)
2	CVE-2015-3456	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3456

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-119	https://jvndb.jvn.jp/ja/cwe/CWE-119.html

ベンダー情報

No	Name	URL
HP Security Bulletin
1	HPSBMU03336	http://marc.info/?l=bugtraq&m=143229451215900&w=2
Oracle Critical Patch Update
2	Oracle Critical Patch Update Advisory - July 2015	http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
3	Oracle Security Alert for CVE-2015-3456	http://www.oracle.com/technetwork/topics/security/alert-cve-2015-3456-2542656.html
4	Text Form of Oracle Critical Patch Update - July 2015 Risk Matrices	http://www.oracle.com/technetwork/topics/security/cpujul2015verbose-2367947.html
QEMU
5	fdc: force the fifo access to be in bounds of the allocated buffer	http://git.qemu.org/?p=qemu.git;a=commitdiff;h=e907746266721f305d67bc0718795fedee2e824c
Red Hat Customer Portal
6	VENOM: QEMU vulnerability (CVE-2015-3456)	https://access.redhat.com/articles/1444903
Red Hat Security Advisory
7	RHSA-2015:0998	http://rhn.redhat.com/errata/RHSA-2015-0998.html
8	RHSA-2015:0999	http://rhn.redhat.com/errata/RHSA-2015-0999.html
9	RHSA-2015:1000	http://rhn.redhat.com/errata/RHSA-2015-1000.html
10	RHSA-2015:1001	http://rhn.redhat.com/errata/RHSA-2015-1001.html
11	RHSA-2015:1002	http://rhn.redhat.com/errata/RHSA-2015-1002.html
12	RHSA-2015:1003	http://rhn.redhat.com/errata/RHSA-2015-1003.html
13	RHSA-2015:1004	http://rhn.redhat.com/errata/RHSA-2015-1004.html
Red Hat Security Blog
14	VENOM, don’t get bitten.	http://securityblog.redhat.com/2015/05/13/venom-dont-get-bitten/
SECURITY BLOG
15	July 2015 Critical Patch Update Released	https://blogs.oracle.com/security/entry/july_2015_critical_patch_update
SUSE
16	CVE-2015-3456	https://www.suse.com/security/cve/CVE-2015-3456.html
Xen Security Advisory
17	XSA-133	http://xenbits.xen.org/xsa/advisory-133.html

その他

No	Name	URL
関連文書
1	VENOM	http://venom.crowdstrike.com/

Change Log

No	Changed Details	Date of change
0	[2015年05月15日] 掲載 [2015年05月20日] 影響を受けるシステム：ベンダ情報の追加に伴い内容を更新ベンダ情報：オラクル (Oracle Security Alert for CVE-2015-3456) を追加 [2015年05月25日] ベンダ情報：Novell (CVE-2015-3456) を追加 [2015年06月05日] 影響を受けるシステム：ベンダ情報の追加に伴い内容を更新ベンダ情報：ヒューレット・パッカード (HPSBMU03336) を追加 [2015年07月29日] 影響を受けるシステム：ベンダ情報の追加に伴い内容を更新ベンダ情報：オラクル (Oracle Critical Patch Update Advisory - July 2015) を追加ベンダ情報：オラクル (Text Form of Oracle Critical Patch Update - July 2015 Risk Matrices) を追加ベンダ情報：オラクル (July 2015 Critical Patch Update Released) を追加	Feb. 17, 2018, 10:37 a.m.

Configuration2	or higher	or less	more than	less than
cpe:2.3:a:redhat:openstack:4.0:::::::*
cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
cpe:2.3:a:redhat:openstack:5.0:::::::*
cpe:2.3:a:redhat:openstack:7.0:::::::*
cpe:2.3:a:redhat:enterprise_virtualization:3.0:::::::*
cpe:2.3:o:redhat:enterprise_linux:5:::::::*
cpe:2.3:o:xen:xen:4.5.0:::::::*
cpe:2.3:a:redhat:openstack:6.0:::::::*