Huawei has noticed the buffer overflow vulnerability in the floppy disk controller (FDC) of QEMU disclosed by open source organization Xen. This vulnerability allows an attacker to escape out of the virtual machine, execute code on the physical host with full privilege. (Vulnerability ID: HWPSIRT-2015-05025)

This Vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2015-3456.

CPENameOperatorVersion
fusioncomputeltV100R003C00SPC300
fusioncomputeltV100R003C10SPC600
fusioncomputeltV100R005C00SPC300
fusionsphere openstackltV100R005C00SPC115

Name	Operator	Version
fusioncompute	lt	V100R003C00SPC300
fusioncompute	lt	V100R003C10SPC600
fusioncompute	lt	V100R005C00SPC300
fusionsphere openstack	lt	V100R005C00SPC115

checkpoint_security 1

archlinux 1

lenovo 2

redhat 9

osv 6

fedora 17

openvas 49

suse 13

nessus 56

fortinet 1

freebsd 1

debian 6

altlinux 1

threatpost 3

oraclelinux 4

ibm 4

myhack58 1

prion 1

f5 2

veracode 1

cve 1

centos 4

arista 1

ubuntucve 1

mageia 3

xen 1

thn 2

symantec 1

debiancve 1

securityvulns 2

ubuntu 1

gentoo 2

checkpoint_security

Check Point response to CVE-2015-3456 (VENOM)

2015-05-12 21:00:00

archlinux

qemu: arbitrary code execution

2015-05-14 00:00:00

lenovo

Venom

2017-01-23 00:00:00

Venom - Lenovo Support US

2017-01-23 00:00:00

redhat

(RHSA-2015:1011) Important: rhev-hypervisor security update

2015-05-15 00:00:00

(RHSA-2015:1031) Important: qemu-kvm security update

2015-05-27 00:00:00

(RHSA-2015:1001) Important: qemu-kvm-rhev security update

2015-05-13 00:00:00

osv

virtualbox - security update

2015-05-28 00:00:00

xen - security update

2015-05-18 00:00:00

qemu-kvm - security update

2015-06-19 00:00:00

fedora

[SECURITY] Fedora 22 Update: xen-4.5.0-9.fc22

2015-05-26 03:43:40

[SECURITY] Fedora 22 Update: qemu-2.3.0-4.fc22

2015-05-26 03:41:20

[SECURITY] Fedora 22 Update: qemu-2.3.0-5.fc22

2015-06-11 18:35:42

openvas

Debian Security Advisory DSA 3262-1 (xen - security update)

2015-05-18 00:00:00

RedHat Update for xen RHSA-2015:1002-01

2015-06-09 00:00:00

Oracle Linux Local Check: ELSA-2015-0998

2015-10-06 00:00:00

suse

Security update for KVM (important)

2015-05-16 00:04:49

Security update for qemu (important)

2015-05-18 14:04:51

Security update for Xen (important)

2015-05-26 14:06:51

nessus

Oracle Linux 7 : qemu-kvm (ELSA-2015-0999) (Venom)

2015-05-14 00:00:00

CentOS 5 : xen (CESA-2015:1002) (Venom)

2015-05-13 00:00:00

RHEL 7 : qemu-kvm (RHSA-2015:0999) (Venom)

2015-05-13 00:00:00

fortinet

CVE-2015-3456 "VENOM" vulnerability

2015-05-19 00:00:00

freebsd

qemu, xen and VirtualBox OSE -- possible VM escape and code execution ("VENOM")

2015-04-29 00:00:00

debian

[SECURITY] [DLA 248-1] qemu security update

2015-06-19 15:05:33

[SECURITY] [DSA 3274-1] virtualbox security update

2015-05-28 21:17:43

[SECURITY] [DLA 249-1] qemu-kvm security update

2015-06-19 15:19:48

altlinux

Security fix for the ALT Linux 7 package qemu version 1.4.0-alt1.1.M70P.1

2015-05-15 00:00:00

threatpost

Oracle Patches VENOM Vulnerability

2015-05-18 10:49:00

Flaw in Virtualization Software Could Lead to VM Escapes, Data Theft

2015-05-13 09:34:43

Oracle Patches Java Zero Day

2015-07-15 09:44:12

oraclelinux

qemu-kvm security update

2015-05-13 00:00:00

xen security update

2015-05-13 00:00:00

kvm security update

2015-05-13 00:00:00

ibm

Security Bulletin:Venom qemu vulnerability affects PowerKVM (CVE-2015-3456)

2018-06-18 01:28:20

Security Bulletin: Venom vulnerability affects IBM Flex System Manager (FSM) (CVE-2015-3456)

2019-01-31 02:10:01

Security Bulletin: Venom vulnerability affects IBM SmartCloud Provisioning 2.1 for IBM Software Virtual Appliance

2018-06-17 22:30:13

myhack58

Vulnerability warning:“venom（VENOM”the vulnerability affects millions worldwide virtual machine security-vulnerability warning-the black bar safety net

2015-05-15 00:00:00

prion

Out-of-bounds

2015-05-13 18:59:00

K16620 : QEMU vulnerability CVE-2015-3456

2015-10-03 00:00:00

SOL16620 - QEMU vulnerability CVE-2015-3456

2015-05-13 00:00:00

veracode

Denial Of Service (DoS)

2019-01-15 09:05:54

cve

CVE-2015-3456

2015-05-13 18:59:00

centos

xen security update

2015-05-13 15:16:55

qemu security update

2015-05-13 15:37:07

kmod, kvm security update

2015-05-13 18:37:00

arista

Security Advisory 0010

2015-05-14 00:00:00

ubuntucve

CVE-2015-3456

2015-05-13 00:00:00

mageia

Updated virtualbox packages fix security vulnerabilities

2015-05-15 21:23:49

Updated qemu packages fix CVE-2015-3456

2015-05-13 18:54:07

Updated xen packages fix security vulnerabilities

2016-03-07 14:20:30

xen

Privilege escalation via emulated floppy disk drive

2015-05-13 11:15:00

thn

Why You Should Consider QEMU Live Patching

2021-09-23 11:16:00

Venom Vulnerability Exposes Most Data Centers to Cyber Attacks

2015-05-14 05:32:00

symantec

SA95 : VENOM Vulnerability in Virtualization Platforms

2015-05-15 08:00:00

debiancve

CVE-2015-3456

2015-05-13 18:59:00

securityvulns

[USN-2608-1] QEMU vulnerabilities

2015-05-17 00:00:00

libvirt / qemu security vulnerabilities

2015-05-17 00:00:00

ubuntu

QEMU vulnerabilities

2015-05-13 00:00:00

gentoo

VirtualBox: Multiple vulnerabilities

2016-12-11 00:00:00

QEMU: Multiple vulnerabilities

2016-02-04 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

7.7 High

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:L/Au:S/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

40.1%

JSON

Related for HUAWEI-SA-20150609-01-VENOM