CVE-2015-3456

Priority
High
Description
The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier
and KVM, allows local guest users to cause a denial of service
(out-of-bounds write and guest crash) or possibly execute arbitrary code
via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or
other unspecified commands, aka VENOM.
References
Notes
 mdeslaur> See https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/VENOM
Assigned-to
mdeslaur
Package
Source: xen (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 LTS (Precise Pangolin):released (4.1.6.1-0ubuntu0.12.04.6)
Ubuntu 14.04 LTS (Trusty Tahr):released (4.4.1-0ubuntu0.14.04.6)
Ubuntu Touch 15.04:not-affected
Package
Upstream:needs-triage
Ubuntu 12.04 LTS (Precise Pangolin):released (1.0+noroms-0ubuntu14.22)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu Touch 15.04:DNE
Package
Source: qemu (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):released (2.0.0+dfsg-2ubuntu1.11)
Ubuntu Touch 15.04:released (1:2.2+dfsg-5expubuntu10)
Package
Upstream:needs-triage
Ubuntu 12.04 LTS (Precise Pangolin):released (4.1.12-dfsg-2ubuntu0.10)
Ubuntu 14.04 LTS (Trusty Tahr):released (4.3.10-dfsg-1ubuntu5)
Ubuntu Touch 15.04:released (4.3.28-dfsg-1)
More Information

Updated: 2016-03-23 03:42:05 UTC (commit 10817)