[v3.0] qemu: Privilege escalation via emulated floppy disk drive (venom, CVE-2015-3456)
ISSUE DESCRIPTION
The code in qemu which emulates a floppy disk controller did not
correctly bounds check accesses to an array and therefore was
vulnerable to a buffer overflow attack.
IMPACT
A guest which has access to an emulated floppy device can exploit this
vulnerability to take over the qemu process, elevating its privilege to
that of the qemu process.
info: http://venom.crowdstrike.com/
patch: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=e907746266721f305d67bc0718795fedee2e824c
(from redmine: issue id 4183, created on 2015-05-14, closed on 2015-06-16)
- Relations:
  - parent #4181 (closed)
- Changesets:
  - Revision a75142b6 by Natanael Copa on 2015-05-20T08:35:36Z:
    main/qemu: security fix for CVE-2015-3456
    ref #4181
    fixes #4183