Description
An out-of-bounds memory access flaw, also known as “VENOM,” was found in the way QEMU’s virtual Floppy Disk Controller (FDC) handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host’s QEMU process corresponding to the guest. (CVE-2015-3456)
Impact
This vulnerability may allow unauthorized modification or disruption of service. F5 products are subject to this vulnerability only when configured as a vCMP hypervisor host. A vCMP guest itself is not vulnerable, but a user with root or administrator-level permissions within a configured vCMP guest is required for the attack. BIG-IP Virtual Edition and non-vCMP deployments of the BIG-IP system are not impacted.
Important: A third party KVM hypervisor on which a BIG-IP Virtual Edition guest instance is installed might be vulnerable; however, the BIG-IP Virtual Edition guest instance itself is not vulnerable. Customers in this deployment model need to check with the provider of their KVM hypervisor for details on their specific status.
Status
F5 Product Development has assigned ID 523032 to this vulnerability, and has evaluated the currently supported releases for potential vulnerability. Additionally, BIG-IP iHealth may list Heuristic H523048 on the Diagnostics> Identified> High screen.
To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:
Product | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature |
---|---|---|---|---|
BIG-IP LTM | 11.0.0 - 11.6.0 | 12.0.0 | ||
11.6.0 HF5 | ||||
11.5.3 HF2 | ||||
11.5.1 HF9 | ||||
11.4.1 HF9 | ||||
11.2.1 HF15 | ||||
10.1.0 - 10.2.4 1 | ||||
Severe | vCMP Host Hypervisor (qemu-kvm) | |||
BIG-IP AAM | 11.4.0 - 11.6.0 | 12.0.0 | ||
11.6.0 HF5 | ||||
11.5.3 HF2 | ||||
11.5.1 HF9 | ||||
11.4.1 HF9 | Severe | vCMP Host Hypervisor (qemu-kvm) | ||
BIG-IP AFM | 11.3.0 - 11.6.0 | 12.0.0 | ||
11.6.0 HF5 | ||||
11.5.3 HF2 | ||||
11.5.1 HF9 | ||||
11.4.1 HF9 | Severe | vCMP Host Hypervisor (qemu-kvm) | ||
BIG-IP Analytics | 11.0.0 - 11.6.0 | 12.0.0 | ||
11.6.0 HF5 | ||||
11.5.3 HF2 | ||||
11.5.1 HF9 | ||||
11.4.1 HF9 | ||||
11.2.1 HF15 | Severe | vCMP Host Hypervisor (qemu-kvm) | ||
BIG-IP APM | 11.0.0 - 11.6.0 | 12.0.0 | ||
11.6.0 HF5 | ||||
11.5.3 HF2 | ||||
11.5.1 HF9 | ||||
11.4.1 HF9 | ||||
11.2.1 HF15 | ||||
10.1.0 - 10.2.4 1 | Severe | vCMP Host Hypervisor (qemu-kvm) | ||
BIG-IP ASM | 11.0.0 - 11.6.0 | 12.0.0 | ||
11.6.0 HF5 | ||||
11.5.3 HF2 | ||||
11.5.1 HF9 | ||||
11.4.1 HF9 | ||||
11.2.1 HF15 | ||||
10.1.0 - 10.2.4 1 | Severe | vCMP Host Hypervisor (qemu-kvm) | ||
BIG-IP DNS | None | 12.0.0 | Not vulnerable | None |
BIG-IP Edge Gateway | 11.0.0 - 11.3.0 | 11.2.1 HF15 | ||
10.1.0 - 10.2.4 1 | Severe | vCMP Host Hypervisor (qemu-kvm) | ||
BIG-IP GTM | 11.0.0 - 11.6.0 | 11.6.0 HF5 | ||
11.5.3 HF2 | ||||
11.5.1 HF9 | ||||
11.4.1 HF9 | ||||
11.2.1 HF15 | ||||
10.1.0 - 10.2.4 1 | Severe | vCMP Host Hypervisor (qemu-kvm) | ||
BIG-IP Link Controller | 11.0.0 - 11.6.0 | 12.0.0 | ||
11.6.0 HF5 | ||||
11.5.3 HF2 | ||||
11.5.1 HF9 | ||||
11.4.1 HF9 | ||||
11.2.1 HF15 | ||||
10.1.0 - 10.2.4 1 | Severe | vCMP Host Hypervisor (qemu-kvm) | ||
BIG-IP PEM | 11.3.0 - 11.6.0 | 12.0.0 | ||
11.6.0 HF5 | ||||
11.5.3 HF2 | ||||
11.5.1 HF9 | ||||
11.4.1 HF9 | Severe | vCMP Host Hypervisor (qemu-kvm) | ||
BIG-IP PSM | 11.0.0 - 11.4.1 | 11.4.1 HF9 | ||
10.1.0 - 10.2.4 1 | Severe | vCMP Host Hypervisor (qemu-kvm) | ||
BIG-IP WebAccelerator | 11.0.0 - 11.3.0 | 11.2.1 HF15 | ||
10.1.0 - 10.2.4 1 | Severe | vCMP Host Hypervisor (qemu-kvm) | ||
BIG-IP WOM | 11.0.0 - 11.3.0 | 11.2.1 HF15 | ||
10.1.0 - 10.2.4 1 | Severe | vCMP Host Hypervisor (qemu-kvm) | ||
ARX | None | 6.0.0 - 6.4.0 | Not vulnerable | |
None | ||||
Enterprise Manager | None | |||
3.0.0 - 3.1.1 | Not vulnerable | |||
None | ||||
FirePass | None | |||
7.0.0 | ||||
6.0.0 - 6.1.0 | Not vulnerable | |||
None | ||||
BIG-IQ Cloud | None | 4.0.0 - 4.5.0 | ||
Not vulnerable | ||||
None |
BIG-IQ Device| None
| 4.2.0 - 4.5.0
| Not vulnerable
| None
BIG-IQ Security| None
| 4.0.0 - 4.5.0
| Not vulnerable
| None
BIG-IQ ADC| None
| 4.5.0
| Not vulnerable
| None
LineRate| None| 2.2.0 - 2.5.0
1.6.0 - 1.6.4| Not vulnerable
| None
F5 WebSafe| None
| 1.0.0| Not vulnerable
| None
Traffix SDC| None
| 4.0.0 - 4.1.0
3.3.2 - 3.5.1| Not vulnerable
| None
1 vCMP is not available on BIG-IP versions prior to 11.0.0.
Recommended Action
If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.
F5 responds to vulnerabilities in accordance with the Severity values published in the previous table. The Severity values and other security vulnerability parameters are defined in K4602: Overview of the F5 security vulnerability response policy.
Supplemental Information
CPE | Name | Operator | Version |
---|---|---|---|
big-ip afm | eq | 11.3.0 | |
big-ip afm | eq | 11.4.0 | |
big-ip afm | eq | 11.4.1 | |
big-ip afm | eq | 11.5.0 | |
big-ip afm | eq | 11.5.1 | |
big-ip afm | eq | 11.5.2 | |
big-ip afm | eq | 11.5.3 | |
big-ip afm | eq | 11.6.0 | |
big-ip afm | eq | 12.0.0 | |
big-ip analytics | eq | 11.0.0 |