Jason Geffner discovered a buffer overflow in the emulated floppy
disk drive, resulting in the potential execution of arbitrary code.
This only affects HVM guests.

For the oldstable distribution (wheezy), this problem has been fixed
in version 4.1.4-3+deb7u6.

The stable distribution (jessie) is already fixed through the qemu
update provided as DSA-3259-1.

We recommend that you upgrade your xen packages.

CPENameOperatorVersion
xeneq4.1.4-3+deb7u2
xeneq4.1.4-3+deb7u5
xeneq4.1.4-3
xeneq4.1.4-3+deb7u4
xeneq4.1.4-3+deb7u1
xeneq4.1.4-3+deb7u3

Name	Operator	Version
xen	eq	4.1.4-3+deb7u2
xen	eq	4.1.4-3+deb7u5
xen	eq	4.1.4-3
xen	eq	4.1.4-3+deb7u4
xen	eq	4.1.4-3+deb7u1
xen	eq	4.1.4-3+deb7u3

References

www.debian.org/security/2015/dsa-3262

checkpoint_security 1

archlinux 1

redhat 9

osv 5

openvas 56

nessus 55

fortinet 1

debian 6

lenovo 2

altlinux 1

fedora 13

suse 13

huawei 1

freebsd 1

threatpost 3

ibm 4

oraclelinux 4

myhack58 1

prion 1

f5 2

veracode 1

cve 1

centos 4

ubuntucve 1

arista 1

xen 1

mageia 2

thn 2

symantec 1

debiancve 1

securityvulns 2

ubuntu 1

gentoo 1

checkpoint_security

Check Point response to CVE-2015-3456 (VENOM)

2015-05-12 21:00:00

archlinux

qemu: arbitrary code execution

2015-05-14 00:00:00

redhat

(RHSA-2015:1011) Important: rhev-hypervisor security update

2015-05-15 00:00:00

(RHSA-2015:1031) Important: qemu-kvm security update

2015-05-27 00:00:00

(RHSA-2015:1001) Important: qemu-kvm-rhev security update

2015-05-13 00:00:00

osv

virtualbox - security update

2015-05-28 00:00:00

qemu-kvm - security update

2015-06-19 00:00:00

qemu - security update

2015-06-19 00:00:00

openvas

Debian Security Advisory DSA 3262-1 (xen - security update)

2015-05-18 00:00:00

RedHat Update for xen RHSA-2015:1002-01

2015-06-09 00:00:00

Debian: Security Advisory (DLA-248-1)

2023-03-08 00:00:00

nessus

Oracle Linux 7 : qemu-kvm (ELSA-2015-0999) (Venom)

2015-05-14 00:00:00

CentOS 5 : xen (CESA-2015:1002) (Venom)

2015-05-13 00:00:00

RHEL 7 : qemu-kvm (RHSA-2015:0999) (Venom)

2015-05-13 00:00:00

fortinet

CVE-2015-3456 "VENOM" vulnerability

2015-05-19 00:00:00

debian

[SECURITY] [DLA 248-1] qemu security update

2015-06-19 15:05:33

[SECURITY] [DLA 249-1] qemu-kvm security update

2015-06-19 15:19:48

[SECURITY] [DSA 3274-1] virtualbox security update

2015-05-28 21:17:43

lenovo

Venom

2017-01-23 00:00:00

Venom - Lenovo Support US

2017-01-23 00:00:00

altlinux

Security fix for the ALT Linux 7 package qemu version 1.4.0-alt1.1.M70P.1

2015-05-15 00:00:00

fedora

[SECURITY] Fedora 22 Update: xen-4.5.0-9.fc22

2015-05-26 03:43:40

[SECURITY] Fedora 22 Update: qemu-2.3.0-4.fc22

2015-05-26 03:41:20

[SECURITY] Fedora 22 Update: qemu-2.3.0-5.fc22

2015-06-11 18:35:42

suse

Security update for KVM (important)

2015-05-16 00:04:49

Security update for qemu (important)

2015-05-18 14:04:51

Security update for Xen (important)

2015-05-26 14:06:51

huawei

Security Advisory - VENOM Vulnerability in Huawei Products

2015-06-09 00:00:00

freebsd

qemu, xen and VirtualBox OSE -- possible VM escape and code execution ("VENOM")

2015-04-29 00:00:00

threatpost

Oracle Patches VENOM Vulnerability

2015-05-18 10:49:00

Flaw in Virtualization Software Could Lead to VM Escapes, Data Theft

2015-05-13 09:34:43

Oracle Patches Java Zero Day

2015-07-15 09:44:12

ibm

Security Bulletin:Venom qemu vulnerability affects PowerKVM (CVE-2015-3456)

2018-06-18 01:28:20

Security Bulletin: Venom vulnerability affects IBM Flex System Manager (FSM) (CVE-2015-3456)

2019-01-31 02:10:01

Security Bulletin: Venom vulnerability affects IBM SmartCloud Provisioning 2.1 for IBM Software Virtual Appliance

2018-06-17 22:30:13

oraclelinux

qemu-kvm security update

2015-05-13 00:00:00

xen security update

2015-05-13 00:00:00

kvm security update

2015-05-13 00:00:00

myhack58

Vulnerability warning:“venom（VENOM”the vulnerability affects millions worldwide virtual machine security-vulnerability warning-the black bar safety net

2015-05-15 00:00:00

prion

Out-of-bounds

2015-05-13 18:59:00

K16620 : QEMU vulnerability CVE-2015-3456

2015-10-03 00:00:00

SOL16620 - QEMU vulnerability CVE-2015-3456

2015-05-13 00:00:00

veracode

Denial Of Service (DoS)

2019-01-15 09:05:54

cve

CVE-2015-3456

2015-05-13 18:59:00

centos

xen security update

2015-05-13 15:16:55

qemu security update

2015-05-13 15:37:07

libcacard, qemu security update

2015-05-13 16:57:36

ubuntucve

CVE-2015-3456

2015-05-13 00:00:00

arista

Security Advisory 0010

2015-05-14 00:00:00

xen

Privilege escalation via emulated floppy disk drive

2015-05-13 11:15:00

mageia

Updated virtualbox packages fix security vulnerabilities

2015-05-15 21:23:49

Updated qemu packages fix CVE-2015-3456

2015-05-13 18:54:07

thn

Venom Vulnerability Exposes Most Data Centers to Cyber Attacks

2015-05-14 05:32:00

Why You Should Consider QEMU Live Patching

2021-09-23 11:16:00

symantec

SA95 : VENOM Vulnerability in Virtualization Platforms

2015-05-15 08:00:00

debiancve

CVE-2015-3456

2015-05-13 18:59:00

securityvulns

[USN-2608-1] QEMU vulnerabilities

2015-05-17 00:00:00

libvirt / qemu security vulnerabilities

2015-05-17 00:00:00

ubuntu

QEMU vulnerabilities

2015-05-13 00:00:00

gentoo

VirtualBox: Multiple vulnerabilities

2016-12-11 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

7.7 High

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:L/Au:S/C:C/I:C/A:C

JSON

Related for OSV:DSA-3262-1