Information on CVE-2015-3456 QEMU Vulnerability (VENOM)

Posted on May 13, 2015 by J. Mays

Category: Security Bulletins | Tags: CVE, CVE-2015-3456, KVM, patch, QEMU, Security, Update, VENOM, Vulnerability, Xen

Reading Time: < 1 minute

Overview

VENOM, or Virtualized Environment Neglected Operations Manipulation, was made public on May 13, 2015. The vulnerability is in QEMU, a generic and open source machine emulator and virtualizer that is utilized by Xen, KVM, and other modern hypervisors / virtualization platforms.

Impact

Specifically a flaw with how QEMU handles out-of-bounds memory access, exploitation can cause the entire hypervisor to crash and may allow an attacker to access other virtual machines outside of their own.

Summary

Made public on May 13, 2015
This flaw exploits QEMU, a generic and open source machine emulator.
Allows for an attacker to access other virtual machines outside of their own.

Resolution

A patch is available, and Liquid Web’s Heroic Support has proactively scheduled a reboot to patch all affected servers.

CrowdStrike states:

VENOM, CVE-2015-3456, is a security vulnerability in the virtual floppy drive code used by many computer virtualization platforms. This vulnerability may allow an attacker to escape from the confines of an affected virtual machine (VM) guest and potentially obtain code-execution access to the host. Absent mitigation, this VM escape could open access to the host system and all other VMs running on that host, potentially giving adversaries significant elevated access to the host’s local network and adjacent systems.

Further information on CVE-2015-3456 is available from CrowdStrike and Red Hat.