CVE-2015-3456
virtualbox - security update
EPSS 19.3%
Description
The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM.
How to fix CVE-2015-3456
To remediate CVE-2015-3456, upgrade the affected package to one of the fixed versions listed below.
- Debian/qemu—upgrade to 1:2.3+dfsg-3 or later
- Debian/qemu—upgrade to 0.12.5+dfsg-3squeeze5 or later
- —upgrade to 0.12.5+dfsg-5+squeeze12 or later
- —upgrade to 4.1.18-dfsg-2+deb7u5 or later
- —upgrade to 4.4.0-1 or later
- —upgrade to 4.1.4-3+deb7u6 or later
Is CVE-2015-3456 being exploited?
Moderate — EPSS is 19.3%. Track this CVE, but it is not at the top of the prioritisation list.
Affected packages (6)
- from 0, < 1:2.3+dfsg-3
- from 0, < 0.12.5+dfsg-3squeeze5
- from 0, < 0.12.5+dfsg-5+squeeze12
- from 0, < 4.1.18-dfsg-2+deb7u5
- from 0, < 4.4.0-1
- from 0, < 4.1.4-3+deb7u6