OverviewVENOM, or Virtualized Environment Neglected Operations Manipulation, was made public on May 13, 2015. The vulnerability is in QEMU, a generic and open source machine emulator and virtualizer that is utilized by Xen, KVM, and other modern hypervisors / virtualization platforms.
ImpactSpecifically a flaw with how QEMU handles out-of-bounds memory access, exploitation can cause the entire hypervisor to crash and may allow an attacker to access other virtual machines outside of their own.
- Made public on May 13, 2015
- This flaw exploits QEMU, a generic and open source machine emulator.
- Allows for an attacker to access other virtual machines outside of their own.
ResolutionA patch is available, and Liquid Web’s Heroic Support has proactively scheduled a reboot to patch all affected servers. CrowdStrike states:
VENOM, CVE-2015-3456, is a security vulnerability in the virtual floppy drive code used by many computer virtualization platforms. This vulnerability may allow an attacker to escape from the confines of an affected virtual machine (VM) guest and potentially obtain code-execution access to the host. Absent mitigation, this VM escape could open access to the host system and all other VMs running on that host, potentially giving adversaries significant elevated access to the host’s local network and adjacent systems.Further information on CVE-2015-3456 is available from CrowdStrike and Red Hat.