CVE-2015-3456

Impact:: Important
Public Date:: 2015-05-13
IAVA:: 2015-A-0112, 2015-A-0115
CWE:: CWE-119

Bugzilla:: 1218611: CVE-2015-3456 qemu: fdc: out-of-bounds fifo buffer memory access

An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller (FDC) handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest.

Find out more about CVE-2015-3456 from the MITRE CVE dictionary dictionary and NIST NVD.

Statement

This issue affects the versions of the kvm and xen packages as shipped with Red Hat Enterprise Linux 5, the versions of the qemu-kvm packages as shipped with Red Hat Enterprise Linux 6 and 7, and the versions of qemu-kvm-rhev packages as shipped with Red Hat Enterprise Virtualization 3. Future updates for the respective releases will address this flaw.

CVSS v2 metrics

Base Score	6.5
Base Metrics	AV:A/AC:H/Au:S/C:C/I:C/A:C
Access Vector	Adjacent Network
Access Complexity	High
Authentication	Single
Confidentiality Impact	Complete
Integrity Impact	Complete
Availability Impact	Complete

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform	Errata	Release Date
RHEV Agents (vdsm) (qemu-kvm-rhev)	RHSA-2015:1001	2015-05-13
Red Hat Enterprise Linux Virtualization 5 (xen)	RHSA-2015:1002	2015-05-13
Red Hat Enterprise Linux 5 (xen)	RHSA-2015:1002	2015-05-13
Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7 (qemu-kvm-rhev)	RHSA-2015:1004	2015-05-13
Red Hat Enterprise Linux Virtualization 5 (kvm)	RHSA-2015:1003	2015-05-13
Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6 (qemu-kvm-rhev)	RHSA-2015:1004	2015-05-13
Red Hat Enterprise Linux OpenStack Platform 4.0 (qemu-kvm-rhev)	RHSA-2015:1004	2015-05-13
Red Hat Enterprise Linux Extended Update Support 6.5 (qemu-kvm)	RHSA-2015:1031	2015-05-27
Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts	RHSA-2015:1011	2015-05-15
RHEV Hypervisor for RHEL-6 (rhev-hypervisor6)	RHSA-2015:1011	2015-05-15
Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts (qemu-kvm-rhev)	RHSA-2015:1000	2015-05-13
Red Hat Enterprise Linux 6 (qemu-kvm)	RHSA-2015:0998	2015-05-13
Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7 (qemu-kvm-rhev)	RHSA-2015:1004	2015-05-13
Red Hat Enterprise Linux 7 (qemu-kvm)	RHSA-2015:0999	2015-05-13

Affected Packages State

Platform	Package	State
RHEV Manager 3	rhev-hypervisor	Affected

Acknowledgements

Red Hat would like to thank Jason Geffner of CrowdStrike for reporting this issue.

External References

Last Modified 2018-05-22T18:30:09+00:00

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories