VENOM security vulnerability


Red Hat Product Security is aware of a 'buffer overflow' vulnerability within the QEMU component of the KVM/QEMU and Xen virtualization solutions. The vulnerability is commonly known as VENOM and has been assigned CVE-2015-3456.

This vulnerability affects the Floppy Disk Controller (FDC) emulation implemented in the QEMU hardware virtualization component and could potentially allow arbitrary code execution on the host from within a guest.

The easiest way to check whether a system is vulnerable and/or to confirm remediation is the Red Hat Access Lab.

For more information, please see this Red Hat Customer Portal Knowledge article.

If you have questions or concerns, please contact Red Hat Technical Support.

Sincerely,
The Red Hat Product Security Team
