All Posts

1 post

Venom Hypervisor Vulnerability

Crowdstrike published details today about a critical vulnerability that they discovered in a number of virtualization hypervisors: KVM, QEMU and Xen. The vulnerability CVE-2015-3456, called “Venom” by Crowdstrike, is in the floppy disk driver. It allows the guest operating system running under the hypervisor to break out of the hypervisor and get access to the host operating system. This is one of the worst classes of vulnerabilities in virtualization, since from there the attacker can infect other guest operating systems, or try to get into other host systems in typical lateral growth fashion. There is no patch that can be applied at the guest level, i.e. the level that you typically control. The problem has to be fixed at the host level, which is typically controlled by a service provider, external or internal.

Continue reading …