QEMU Floppy Disk Controller fdctrl_handle_drive_specification_command Virtual Machine Escape Exploit (VENOM)

The fdctrl_handle_drive_specification_command() function in the code that emulates the Floppy Disk Controller in QEMU does not properly reset the index into a buffer when processing user-controlled data, leading to a heap-based buffer overflow in the QEMU process that runs on the Host system. An attacker running code within a Guest operating system can exploit this vulnerability to escape from the QEMU virtual machine and execute arbitrary code on the Host operating system.
Friday, June 12, 2015 - 00:00