Information on CVE-2015-3456 QEMU Vulnerability (VENOM)

Posted on May 13, 2015 by J. Mays | Updated: June 1, 2015
Category: Security Bulletins, Technical Support | Tags: CVE, CVE-2015-3456, KVM, patch, QEMU, security, update, VENOM, vulnerability, Xen

Overview

VENOM, or Virtualized Environment Neglected Operations Manipulation, was made public on May 13, 2015. The vulnerability is in QEMU, a generic and open source machine emulator and virtualizer that is utilized by Xen, KVM, and other modern hypervisors / virtualization platforms.

Impact

Specifically a flaw with how QEMU handles out-of-bounds memory access, exploitation can cause the entire hypervisor to crash and may allow an attacker to access other virtual machines outside of their own.

Summary

Made public on May 13, 2015
This flaw exploits QEMU, a generic and open source machine emulator.
Allows for an attacker to access other virtual machines outside of their own.

Resolution

A patch is available, and Liquid Web’s Heroic Support has proactively scheduled a reboot to patch all affected servers.

Continue reading “Information on CVE-2015-3456 QEMU Vulnerability (VENOM)” →

Liquid Web | Knowledge Base

Tag: CVE-2015-3456

Information on CVE-2015-3456 QEMU Vulnerability (VENOM)

Search our Knowledge Base

Sidebar