suse · CVE-2015-3456

Quick triage

Priority: medium Published: 2021-05-30 13:30:00 UTC Updated: 2026-04-18 18:19:30 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2015-3456 severity moderate: SUSE including 990 source package names (amazon/suse-sles-15-sp1-chost-byos-v20210304-hvm-ssd-x86_64, amazon/suse-sles-15-sp1-chost-byos-v20220127-hvm-ssd-x86_64, …), 1317 product×package rows across 74 product lines (HPE Helion OpenStack 8, SUSE Liberty Linux 7, … (74 product lines)): Fixed 1008, Known Affected 157, Known Not Affected 152.

Description:

The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM.

cvelogic Threat Intelligence