7.7 High
CVSS2
Access Vector
ADJACENT_NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:A/AC:L/Au:S/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
40.1%
The code in qemu which emulates a floppy disk controller did not correctly bounds check accesses to an array and therefore was vulnerable to a buffer overflow attack.
A guest which has access to an emulated floppy device can exploit this vulnerability to take over the qemu process elevating its privilege to that of the qemu process.
All Xen systems running x86 HVM guests without stubdomains are vulnerable to this depending on the specific guest configuration. The default configuration is vulnerable.
Guests using either the traditional βqemu-xenβ or upstream qemu device models are vulnerable.
Guests using a qemu-dm stubdomain to run the device model are only vulnerable to takeover of that service domain.
Systems running only x86 PV guests are not vulnerable.
ARM systems are not vulnerable.