From a reader who emailed the ISC handler list:
I wanted to bring this to your attention in case you have not seen it yet.
Venom is a new virtual machine vulnerability affecting Xen, KVM and QEMU.
VENOM is an acronym for "Virtualized Environment Neglected Operations Manipulation" which is a marketing term for CVE-2015-3456 ( cve.mitre.org/cgi-bin/… )
According to the CrowdStrike announcement, VENOM "is a security vulnerability in the virtual floppy drive code used by many computer virtualization platforms. This vulnerability may allow an attacker to escape from the confines of an affected virtual machine (VM) guest and potentially obtain code-execution access to the host. Absent mitigation, this VM escape could open access to the host system and all other VMs running on that host, potentially giving adversaries significant elevated access to the host's local network and adjacent systems."
At this time, CrowdStrike lists some of the patches in the Q&A section of its announcement page:
Xen Project: xenbits.xen.org/xsa/…
Red Hat: access.redhat.com/articles/…
May 13th 2015