[v2.7] qemu: Privilege escalation via emulated floppy disk drive (venom, CVE-2015-3456)
ISSUE DESCRIPTION
The code in qemu which emulates a floppy disk controller did not
correctly bounds-check accesses to an array and was therefore
vulnerable to a buffer overflow attack.
IMPACT
A guest which has access to an emulated floppy device can exploit this
vulnerability to take over the qemu process, elevating its privilege to
that of the qemu process.
info: http://venom.crowdstrike.com/
patch: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=e907746266721f305d67bc0718795fedee2e824c
(from redmine: issue id 4184, created on 2015-05-14, closed on 2015-06-16)
- Relations:
  - parent #4181 (closed)
- Changesets:
  - Revision d747647a by Natanael Copa on 2015-05-21T07:01:35Z:
    main/qemu: security fix for CVE-2015-3456
    ref #4181
    fixes #4184