Overview
VENOM, or Virtualized Environment Neglected Operations Manipulation, was made public on May 13, 2015. The vulnerability is in QEMU, a generic and open source machine emulator and virtualizer that is utilized by Xen, KVM, and other modern hypervisors / virtualization platforms.
Impact
The flaw lies in how QEMU handles out-of-bounds memory access. Exploitation can cause the entire hypervisor to crash and may allow an attacker to access other virtual machines outside of their own.
Summary
- Made public on May 13, 2015
- The flaw affects QEMU, a generic and open source machine emulator.
- Allows an attacker to access other virtual machines outside of their own.
Resolution
A patch is available, and Liquid Web’s Heroic Support has proactively scheduled a reboot to patch all affected servers.
Continue reading “Information on CVE-2015-3456 QEMU Vulnerability (VENOM)”