7.7 High
CVSS2
Access Vector
ADJACENT_NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:A/AC:L/Au:S/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
40.1%
The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier
and KVM, allows local guest users to cause a denial of service
(out-of-bounds write and guest crash) or possibly execute arbitrary code
via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or
other unspecified commands, aka VENOM.
Author | Note |
---|---|
mdeslaur | See https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/VENOM |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 14.04 | noarch | qemu | <Β 2.0.0+dfsg-2ubuntu1.11 | UNKNOWN |
ubuntu | 14.10 | noarch | qemu | <Β 2.1+dfsg-4ubuntu6.6 | UNKNOWN |
ubuntu | 15.04 | noarch | qemu | <Β 1:2.2+dfsg-5expubuntu9.1 | UNKNOWN |
ubuntu | 12.04 | noarch | qemu-kvm | <Β 1.0+noroms-0ubuntu14.22 | UNKNOWN |
ubuntu | 12.04 | noarch | virtualbox | <Β 4.1.12-dfsg-2ubuntu0.10 | UNKNOWN |
ubuntu | 14.04 | noarch | virtualbox | <Β 4.3.10-dfsg-1ubuntu5 | UNKNOWN |
ubuntu | 14.10 | noarch | virtualbox | <Β 4.3.18-dfsg-2ubuntu3 | UNKNOWN |
ubuntu | 15.04 | noarch | virtualbox | <Β 4.3.26-dfsg-2ubuntu2 | UNKNOWN |
ubuntu | 12.04 | noarch | xen | <Β 4.1.6.1-0ubuntu0.12.04.6 | UNKNOWN |
ubuntu | 14.04 | noarch | xen | <Β 4.4.1-0ubuntu0.14.04.6 | UNKNOWN |