
Security Notice - Statement about the Xen VENOM Vulnerability

  • Initial Release Date: May 14, 2015
  • Last Release Date: Nov 19, 2015

Huawei has noticed a vulnerability disclosed by Xen. The floppy disk controller (FDC) of QEMU (used in Xen V4.5.x and earlier) has a buffer overflow vulnerability (CVE-2015-3456). This vulnerability allows an attacker to escape from the virtual machine, execute code on the physical host with full privilege, or gain access to the local network and other virtual machines, affecting data centers.

Some versions of Huawei FusionCompute products are affected by the vulnerability. Huawei has released a fixed version and published a Security Advisory, available at:

http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-438937.htm

2015-11-19 V1.1 FINAL
2015-05-14 V1.0 INITIAL

Huawei adheres to protecting the ultimate interests of users with best efforts and the principle of responsible disclosure, and deals with product security issues through our response mechanism. Please report to Huawei PSIRT at psirt@huawei.com if you find any security vulnerability in Huawei products.

