← voltar
CVE-2015-3456

CVE-2015-3456

EPSS 15.3%
The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM.
Produtos afetados
n/a · n/a
PoCs públicas encontradas4
githubgithub.com/vincentbernat/cve-2015-345613githubgithub.com/orf53975/poisonfrog0cve_referencewww.exploit-db.com/exploits/37053/não verificadoexploitdbwww.exploit-db.com/exploits/37053não verificado
⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=e907746266721f305d67bc0718795fedee2e824chttp://kb.juniper.net/InfoCenter/index?page=content&id=JSA10693http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158072.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-05/msg00009.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-05/msg00013.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-05/msg00014.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-05/msg00018.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-05/msg00019.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-05/msg00021.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-05/msg00042.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-06/msg00001.htmlhttp://lists.opensuse.org/opensuse-updates/2015-08/msg00021.html