CVE-2015-3456

Exp

The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM.

Published: 2015-05-13 Last update: 2026-06-16 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2015-3456 is rated High Exploit Risk (75.5/100): CVSS High severity, with high exploitation likelihood (EPSS 15.28%, 96th percentile). 1 public exploit reference(s) are indexed (Exploit-DB). Public exploits are available—assess exposure, apply mitigations, and prioritize patching.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Public exploit references (Exploit-DB) for CVE-2015-3456

EDB-ID Source Kind Published Link
37053 exploit_db edb 2015-05-18 Exploit-DB ↗

Exploit prediction scoring system (EPSS) score for CVE-2015-3456

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-15 19.32% 15.28% -4.05%
2 2026-06-01 24.20% 19.32% -4.87%
3 2026-05-22 24.20%

Full EPSS history (25 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2015-3456

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
7.7 2.0 HIGH
AV:A/AC:L/Au:S/C:C/I:C/A:C Click to expand
Access vector (AV:A)
Requires access to an adjacent network segment.
Access complexity (AC:L)
Exploitation conditions are straightforward and predictable.
Authentication (AU:S)
A single authentication is required.
Confidentiality impact (C:C)
Complete confidentiality impact.
Integrity impact (I:C)
Complete integrity impact.
Availability impact (A:C)
Complete availability impact.
 5.1 10.0 [email protected]

Weakness enumeration for CVE-2015-3456

OS Trackers for CVE-2015-3456

vendor priority summary link
debian not yet assigned CVE-2015-3456 not yet assigned priority: Debian including 3 source packages (qemu, virtualbox, xen), 11 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 11. https://security-tracker.debian.org/tracker/CVE-2015-3456
gentoo normal CVE-2015-3456: 3 GLSA(s) (201602-01, 201604-03, 201612-27), 7 atom(s) (app-emulation/pvgrub, app-emulation/qemu, …); latest impact normal. https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2015-3456
redhat high https://access.redhat.com/security/cve/CVE-2015-3456
suse medium CVE-2015-3456 severity moderate: SUSE including 990 source package names (amazon/suse-sles-15-sp1-chost-byos-v20210304-hvm-ssd-x86_64, amazon/suse-sles-15-sp1-chost-byos-v20220127-hvm-ssd-x86_64, …), 1317 product×package rows across 74 product lines (HPE Helion OpenStack 8, SUSE Liberty Linux 7, … (74 product lines)): Fixed 1008, Known Affected 157, Known Not Affected 152. https://www.suse.com/security/cve/CVE-2015-3456/
ubuntu high CVE-2015-3456 high priority: Ubuntu including 4 source packages (qemu, qemu-kvm, virtualbox, xen), 21 status rows across 6 suites (lucid, precise, trusty, upstream, utopic, vivid): released 11, DNE 5, needs-triage 4, not-affected 1. https://ubuntu.com/security/CVE-2015-3456

NVD evaluator notes for CVE-2015-3456

Comment: Though the VENOM vulnerability is also agnostic of the guest operating system, an attacker (or an attacker’s malware) would need to have administrative or root privileges in the guest operating system in order to exploit VENOM

Affected software / configurations for CVE-2015-3456

Vendor Product Version Raw CPE
qemu qemu <= 2.3.0 cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*
redhat enterprise_virtualization 3.0 cpe:2.3:a:redhat:enterprise_virtualization:3.0:*:*:*:*:*:*:*
redhat openstack 4.0 cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*
redhat openstack 5.0 cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*
redhat openstack 6.0 cpe:2.3:a:redhat:openstack:6.0:*:*:*:*:*:*:*
redhat openstack 7.0 cpe:2.3:a:redhat:openstack:7.0:*:*:*:*:*:*:*
redhat enterprise_linux 5 cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
redhat enterprise_linux 6.0 cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
redhat enterprise_linux 7.0 cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
xen xen 4.5.0 cpe:2.3:o:xen:xen:4.5.0:*:*:*:*:*:*:*

References for CVE-2015-3456

URL Tags
http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=e907746266721f305d67bc0718795fedee2e824c
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10693
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158072.html
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00009.html
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00013.html
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00014.html
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00018.html
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00019.html
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00021.html
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00042.html
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00001.html
http://lists.opensuse.org/opensuse-updates/2015-08/msg00021.html
http://marc.info/?l=bugtraq&m=143229451215900&w=2
http://marc.info/?l=bugtraq&m=143387998230996&w=2
http://rhn.redhat.com/errata/RHSA-2015-0998.html
http://rhn.redhat.com/errata/RHSA-2015-0999.html
http://rhn.redhat.com/errata/RHSA-2015-1000.html
http://rhn.redhat.com/errata/RHSA-2015-1001.html
http://rhn.redhat.com/errata/RHSA-2015-1002.html
http://rhn.redhat.com/errata/RHSA-2015-1003.html
http://rhn.redhat.com/errata/RHSA-2015-1004.html
http://rhn.redhat.com/errata/RHSA-2015-1011.html
http://support.citrix.com/article/CTX201078
http://venom.crowdstrike.com/
http://www.debian.org/security/2015/dsa-3259
http://www.debian.org/security/2015/dsa-3262
http://www.debian.org/security/2015/dsa-3274
http://www.fortiguard.com/advisory/2015-05-19-cve-2015-3456-venom-vulnerability
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
http://www.securityfocus.com/bid/74640
http://www.securitytracker.com/id/1032306
http://www.securitytracker.com/id/1032311
http://www.securitytracker.com/id/1032917
http://www.ubuntu.com/usn/USN-2608-1
http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-438937.htm
http://xenbits.xen.org/xsa/advisory-133.html
https://access.redhat.com/articles/1444903
https://bto.bluecoat.com/security-advisory/sa95
https://kb.juniper.net/JSA10783
https://kc.mcafee.com/corporate/index?page=content&id=SB10118
https://security.gentoo.org/glsa/201602-01
https://security.gentoo.org/glsa/201604-03
https://security.gentoo.org/glsa/201612-27
https://securityblog.redhat.com/2015/05/13/venom-dont-get-bitten/
https://support.lenovo.com/us/en/product_security/venom
https://www.arista.com/en/support/advisories-notices/security-advisories/1128-security-advisory-10
https://www.exploit-db.com/exploits/37053/
https://www.suse.com/security/cve/CVE-2015-3456.html
cvelogic Threat Intelligence