QEMU is prone to a remote memory-corruption vulnerability because the application fails to perform adequate boundary checks on user-supplied data.
An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts may result in a denial-of-service condition.
Information
Xen Xen 4.4.1
Xen Xen 4.4.0 Rc1
Xen Xen 4.4.0
Xen Xen 4.3.1
Xen Xen 4.3.0
Xen Xen 4.2.3
Xen Xen 4.2.2
Xen Xen 4.2.1
Xen Xen 4.2.0
Ubuntu Ubuntu Linux 15.04
Ubuntu Ubuntu Linux 14.10
Ubuntu Ubuntu Linux 14.04 LTS
Ubuntu Ubuntu Linux 12.04 LTS i386
Ubuntu Ubuntu Linux 12.04 LTS amd64
SuSE SUSE Linux Enterprise Software Development Kit 11 SP3
SuSE SUSE Linux Enterprise Server 11 SP3
SuSE SUSE Linux Enterprise Server 11 SP2
SuSE SUSE Linux Enterprise Server 11 SP1
SuSE SUSE Linux Enterprise Server 10 SP4 LTSS
SuSE SUSE Linux Enterprise Server 10 SP4
SuSE SUSE Linux Enterprise Server 10 SP3
SuSE Linux Enterprise Software Development Kit 12
SuSE Linux Enterprise Server 12
SuSE Linux Enterprise Server 11 SP2 LTSS
SuSE Linux Enterprise Server 11 SP1 LTSS
SuSE Linux Enterprise Expanded Support 7
SuSE Linux Enterprise Expanded Support 6
SuSE Linux Enterprise Expanded Support 5
SuSE Linux Enterprise Desktop 12
SuSE Linux Enterprise Desktop 11 SP3
S.u.S.E. openSUSE 13.2
S.u.S.E. openSUSE 13.1
Redhat OpenStack 6.0 for RHEL 7
Redhat OpenStack 5.0 for RHEL 7
Redhat OpenStack 5.0 for RHEL 6
Redhat OpenStack 4.0
Redhat Enterprise Virtualization 3
Redhat Enterprise Linux Workstation 7
Redhat Enterprise Linux Workstation 6
Redhat Enterprise Linux Virtualization 5 Server
Redhat Enterprise Linux Server EUS 6.5.z
Redhat Enterprise Linux Server AUS 6.5
Redhat Enterprise Linux Server 7
Redhat Enterprise Linux Server 6
Redhat Enterprise Linux HPC Node 7
Redhat Enterprise Linux HPC Node 6
Redhat Enterprise Linux Desktop Multi OS 5 client
Redhat Enterprise Linux Desktop 7
Redhat Enterprise Linux Desktop 6
Redhat Enterprise Linux Desktop 5 client
Redhat Enterprise Linux 5 Server
QEMU QEMU 0
Oracle PeopleSoft Enterprise PeopleTools 8.54
Oracle PeopleSoft Enterprise PeopleTools 8.53
Oracle Enterprise Linux 7
Oracle Enterprise Linux 6.2
Oracle Enterprise Linux 6
Oracle Enterprise Linux 5
Juniper NorthStar Controller Application 2.1.0
Joyent SmartDataCenter (SDC) 0
Joyent Public Cloud (JPC) 0
IBM PureApplication System 2.1
IBM PureApplication System 2.0
IBM PowerKVM 2.1
IBM Flex System Manager 1.3.2 0
IBM Flex System Manager 1.3.3.0
IBM Flex System Manager 1.3.1.0
IBM Flex System Manager 1.3.0.1
IBM Flex System Manager 1.3.0.0
IBM Flex System Manager 1.2.1.0
IBM Flex System Manager 1.2.0.0
IBM Flex System Manager 1.1.0.0
Huawei FusionCompute V100R005C10
Huawei FusionCompute V100R005C00SPC300
Huawei FusionCompute V100R005C00
Huawei FusionCompute V100R003C10SPC600
Huawei FusionCompute V100R003C10CP6001
Huawei FusionCompute V100R003C10
Huawei FusionCompute V100R003C00SPC300
Huawei FusionCompute V100R003C00
HP Helion OpenStack 1.1.0
HP Helion OpenStack 1.0.0
HP Helion CloudSystem 8.1
Gentoo Linux
Fortinet FortiSandbox 2.0.2
Debian Linux 6.0 sparc
Debian Linux 6.0 s/390
Debian Linux 6.0 powerpc
Debian Linux 6.0 mips
Debian Linux 6.0 ia-64
Debian Linux 6.0 ia-32
Debian Linux 6.0 arm
Debian Linux 6.0 amd64
Citrix XenServer 6.0.2
Citrix XenServer 6.5
Citrix XenServer 6.2
Citrix XenServer 6.1
Citrix XenServer 6.0
CentOS CentOS 7
CentOS CentOS 6
CentOS CentOS 5
Huawei FusionCompute V100R005C00CP3001
Fortinet FortiSandbox 2.0.3
Exploit
Reportedly, this issue is being exploited in the wild.
References:
- fdc: force the fifo access to be in bounds of the allocated buffer (Petr Matousek)
- QEMU Homepage (QEMU)
- VENOM, don't get bitten (Petr Matousek)
- Virtualized Environment Neglected Operations Manipulation (CrowdStrike)
- 2107-04 Security Bulletin: Multiple Vulnerabilities in NorthStar Controller Appl (juniper)
- Advisory XSA-133 (Xen)
- Citrix Security Advisory for CVE-2015-3456 (Citrix)
- CVE-2015-3456 "VENOM" vulnerability (Fortinet)
- HPSBMU03336 rev.1- HP Helion OpenStack affected by VENOM, Denial of Service (DoS (HP)
- HPSBMU03349 rev.1- HP Helion CloudSystem, Local Denial of Service (DoS), Arbitra (HP)
- Oracle Critical Patch Update Advisory - July 2015 (Oracle)
- qemu/KVM/Xen: floppy driver allows VM escape ("VENOM" vulnerability, CVE-2015-34 (SUSE)
- Red Hat RHSA-2015-1031 (Red Hat)
- rhev-hypervisor security update (Red Hat)
- RHSA-2015:0999 Important: qemu-kvm security update (Red Hat)
- RHSA-2015:1000 Important: qemu-kvm-rhev security update (Red Hat)
- RHSA-2015:1001 Important: qemu-kvm-rhev security update (Red Hat)
- RHSA-2015:1004 Important: qemu-kvm-rhev security update (Red Hat)
- Security Advisory - VENOM Vulnerability in Huawei Products (Huawei)
- Security Advisory on Venom, CVE-2015-3456 in KVM/QEMU (Joyent)
- Security Bulletin: Venom vulnerability affects IBM Flex System Manager (FSM) (CV (IBM)
- Security Bulletin: Venom vulnerability affects IBM PureApplication System (CVE-2 (IBM)
- Security Bulletin: Venom qemu vulnerability affects PowerKVM (CVE-2015-3456) (IBM)
- Security Notice - Statement About the Xen VENOM Vulnerability (Huawei)
- SUSE Security Update: Security update for KVM (SUSE)
- SUSE Security Update: Security update for KVM (SUSE)
- SUSE Security Update: Security update for qemu (SUSE)
- SUSE Security Update: Security update for Xen (SUSE)
- SUSE-SU-2015:0944-1 (SUSE)
- Venom (CVE-2015-3456) (IBM)