VENOM, or Virtualized Environment Neglected Operations Manipulation, was made public on May 13, 2015. The vulnerability is in QEMU, a generic and open source machine emulator and virtualizer that is utilized by Xen, KVM, and other modern hypervisors / virtualization platforms.

Specifically a flaw with how QEMU handles out-of-bounds memory access, exploitation can cause the entire hypervisor to crash and may allow an attacker to access other virtual machines outside of their own.

• Made public on May 13, 2015
• This flaw exploits QEMU, a generic and open source machine emulator.
• Allows for an attacker to access other virtual machines outside of their own.

A patch is available, and Liquid Web’s Heroic Support has proactively scheduled a reboot to patch all affected servers.

Continue reading “Information on CVE-2015-3456 QEMU Vulnerability (VENOM)” →