VENOM: QEMU vulnerability (CVE-2015-3456), update advised

VENOM, the latest high-profile security vulnerability, is caused by a buffer overflow bug in the Floppy Disk Controller (FDC) implementation of the QEMU virtualizer used by the KVM/QEMU and Xen hypervisors. The flaw could allow an attacker with admin privileges on a guest (VM) to crash the guest and execute arbitrary code on the host with the same privileges as the QEMU binary. The flaw affects systems even if they do not use the FDC. There is currently no exploit available. All Red Hat products that include QEMU are potentially affected.

Red Hat has provided updated QEMU, KVM, and Xen packages that fix this problem through errata for the respective products. For more detailed information, remediation instructions, and links to the errata, see the following Kbase article: VENOM: QEMU vulnerability (CVE-2015-3456). Further background is available in the Red Hat Security blog: VENOM, don’t get bitten.