IBM SmartCloud Provisioning 2.1 for IBM Software Virtual Appliance is vulnerable to Venom: Virtualized Environment Neglected Operation Manipulation (CVE-2015-3456).
CVE-ID: CVE-2015-3456
DESCRIPTION: Open Source QEMU (Quick Emulator) is vulnerable to a buffer overflow, which is caused by improper bounds checking by the Floppy Disk Controller (FDC) emulation. By sending specially crafted FDC commands, a guest operating system attacker with access to the FDC I/O ports might overflow a buffer and execute arbitrary code on the system with root privileges.
Note: This vulnerability is also being called VENOM.
CVSS Base Score: 7.7
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103116 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:A/AC:L/Au:S/C:C/I:C/A:C)
IBM SmartCloud Provisioning 2.1 for IBM Software Virtual Appliance up to interim fix 5
If you are running IBM SmartCloud Provisioning 2.1 for IBM Software Virtual Appliance, contact IBM support.
See the latest IBM Cloud Orchestrator fix release on IBM Fix Central.
None