qemu-kvm is vulnerable to denial of service (DoS) attacks. The vulnerability exists because the Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM. Although the VENOM vulnerability is agnostic of the guest operating system, an attacker (or an attacker’s malware) would need administrative or root privileges in the guest operating system in order to exploit it.
git.qemu.org/?p=qemu.git;a=commitdiff;h=e907746266721f305d67bc0718795fedee2e824c
kb.juniper.net/InfoCenter/index?page=content&id=JSA10693
lists.fedoraproject.org/pipermail/package-announce/2015-May/158072.html
lists.opensuse.org/opensuse-security-announce/2015-05/msg00009.html
lists.opensuse.org/opensuse-security-announce/2015-05/msg00013.html
lists.opensuse.org/opensuse-security-announce/2015-05/msg00014.html
lists.opensuse.org/opensuse-security-announce/2015-05/msg00018.html
lists.opensuse.org/opensuse-security-announce/2015-05/msg00019.html
lists.opensuse.org/opensuse-security-announce/2015-05/msg00021.html
lists.opensuse.org/opensuse-security-announce/2015-05/msg00042.html
lists.opensuse.org/opensuse-security-announce/2015-06/msg00001.html
lists.opensuse.org/opensuse-updates/2015-08/msg00021.html
marc.info/?l=bugtraq&m=143229451215900&w=2
marc.info/?l=bugtraq&m=143387998230996&w=2
rhn.redhat.com/errata/RHSA-2015-0998.html
rhn.redhat.com/errata/RHSA-2015-0999.html
rhn.redhat.com/errata/RHSA-2015-1000.html
rhn.redhat.com/errata/RHSA-2015-1001.html
rhn.redhat.com/errata/RHSA-2015-1002.html
rhn.redhat.com/errata/RHSA-2015-1003.html
rhn.redhat.com/errata/RHSA-2015-1004.html
rhn.redhat.com/errata/RHSA-2015-1011.html
support.citrix.com/article/CTX201078
venom.crowdstrike.com/
www.debian.org/security/2015/dsa-3259
www.debian.org/security/2015/dsa-3262
www.debian.org/security/2015/dsa-3274
www.fortiguard.com/advisory/2015-05-19-cve-2015-3456-venom-vulnerability
www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
www.securityfocus.com/bid/74640
www.securitytracker.com/id/1032306
www.securitytracker.com/id/1032311
www.securitytracker.com/id/1032917
www.ubuntu.com/usn/USN-2608-1
www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-438937.htm
xenbits.xen.org/xsa/advisory-133.html
access.redhat.com/articles/1444903
access.redhat.com/security/updates/classification/#important
bto.bluecoat.com/security-advisory/sa95
kb.juniper.net/JSA10783
kc.mcafee.com/corporate/index?page=content&id=SB10118
security.gentoo.org/glsa/201602-01
security.gentoo.org/glsa/201604-03
security.gentoo.org/glsa/201612-27
securityblog.redhat.com/2015/05/13/venom-dont-get-bitten/
support.lenovo.com/us/en/product_security/venom
www.arista.com/en/support/advisories-notices/security-advisories/1128-security-advisory-10
www.exploit-db.com/exploits/37053/
www.suse.com/security/cve/CVE-2015-3456.html