What is the VENOM vulnerability?
A new vulnerability, dubbed “VENOM”, has been discovered in the virtual floppy drive controller code of QEMU. It potentially allows an attacker who controls a VM (guest) to break out of that guest and gain privileged access to the host machine and, from there, to the other guest VMs running on it.
The official website, which contains more useful information, can be found here: http://venom.crowdstrike.com/
Upstream advisory: https://rhn.redhat.com/errata/RHSA-2015-0998.html
/r/netsec discussion: https://www.reddit.com/r/netsec/comments/35tnv8/venom_a_major_vulnerability_in_qemu_enables/
What virtualization/hypervisors are affected?
Any hypervisor that uses QEMU for device emulation – Xen, KVM, VirtualBox and XenServer are amongst those affected by this vulnerability.
What can I do to resolve the VENOM vulnerability?
- If you have a VM (guest) on a host whose virtualization technology is affected by this vulnerability, the best thing you can do is contact your provider to ensure that they have patched to the latest version of their respective virtualization platform. Major providers such as AWS, DigitalOcean, Linode and Rackspace have already patched this vulnerability.
- If you are a hosting provider, you should urgently update your virtualization platform – most (if not all) have released patches to resolve this vulnerability, for example, for KVM:
yum clean all && yum update qemu-kvm -y
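Updating the package replaces the QEMU binary on disk, but a guest that was already running keeps executing the old, unpatched code until it is powered off and started again (a live migration to an updated host also works). The following POSIX shell script is an added example, not part of the original FAQ or of any vendor's tooling: it finds QEMU processes whose executable was replaced underneath them, which on Linux shows up as a " (deleted)" suffix on /proc/PID/exe. The process list here is a constructed sample so the check runs offline; the comment shows how to gather the real one on a host.

```shell
#!/bin/sh
# Added example: after "yum update qemu-kvm", find guests that still run the
# pre-update binary. On a real host the input records would be produced by:
#   for p in $(pgrep -f qemu); do echo "$p $(readlink /proc/$p/exe)"; done
# Each record is "PID PATH[ (deleted)]"; the suffix means the file the
# process was started from has since been unlinked and replaced.

# stale_guests: print the PIDs whose executable path ends in " (deleted)".
# $1 is a newline-separated list of "PID PATH" records.
stale_guests() {
    printf '%s\n' "$1" | awk '/\(deleted\)$/ { print $1 }'
}

# count_stale: number of guests that still need a restart.
count_stale() {
    stale_guests "$1" | wc -l | tr -d ' '
}

# Constructed sample: three QEMU processes, two of them started before the
# package update (binary replaced), one started afterwards (clean).
SAMPLE_PROCS='1201 /usr/libexec/qemu-kvm (deleted)
1388 /usr/libexec/qemu-kvm
2044 /usr/bin/qemu-system-x86_64 (deleted)'

# report: human-readable summary for the operator.
report() {
    n=$(count_stale "$1")
    if [ "$n" = "0" ]; then
        echo "all running QEMU guests use the updated binary"
    else
        echo "$n guest(s) still run the old QEMU binary; power-cycle these PIDs:"
        stale_guests "$1"
    fi
}

report "$SAMPLE_PROCS"
```

On a libvirt host, map each PID back to a domain name (for example with `virsh list` and the domain's configured process) before scheduling the restart, so the tenants affected can be notified.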