OverviewVENOM, or Virtualized Environment Neglected Operations Manipulation, was made public on May 13, 2015. The vulnerability is in QEMU, a generic and open source machine emulator and virtualizer that is utilized by Xen, KVM, and other modern hypervisors / virtualization platforms.
ImpactSpecifically a flaw with how QEMU handles out-of-bounds memory access, exploitation can cause the entire hypervisor to crash and may allow an attacker to access other virtual machines outside of their own.
- Made public on May 13, 2015
- This flaw exploits QEMU, a generic and open source machine emulator.
- Allows for an attacker to access other virtual machines outside of their own.
ResolutionA patch is available, and Liquid Web’s Heroic Support has proactively scheduled a reboot to patch all affected servers. Continue reading “Information on CVE-2015-3456 QEMU Vulnerability (VENOM)”