CVE-2015-3456

Name of the Vulnerable Software and Affected Versions QEMU versions prior to the fixed version Xen versions 4.5.x and earlier KVM (affected versions not specified) Check Point GAiA (affected versions not specified) Arista EOS (affected versions not specified)

Description The issue allows local guest users to cause a denial of service or possibly execute arbitrary code via certain commands, including FD CMD READ ID and FD CMD DRIVE SPECIFICATION COMMAND. A privileged guest user could use this flaw to potentially execute arbitrary code on the host of the VM. The vulnerability affects the Floppy Disk Controller emulation in QEMU.

Recommendations For QEMU, update to a version that includes the fix for this issue. For Xen, update to a version later than 4.5.x. For KVM, apply the necessary patch or update to a version that includes the fix. For Check Point GAiA, apply the recommended patch or update. For Arista EOS, ensure that untrusted users do not have access to virtual machines hosted on EOS, and consider disabling the virtual machine hosting feature until a patch is available. As a temporary workaround, restrict access to the virtual machine hosted on EOS to minimize the risk of exploitation.