
VENOM zero-day vulnerability strikes virtual machine security

CrowdStrike security researchers discovered a major bug that could impact a wide range of commonly used virtualization platforms.

Security researchers discovered a zero-day vulnerability that could jeopardize cloud and virtual machine security and impact millions of end users.

The virtualization vulnerability, dubbed VENOM (Virtualization Environment Neglected Operations Manipulation), was revealed Wednesday by CrowdStrike Inc., a threat intelligence firm based in Irvine, Calif., after being discovered by Jason Geffner, senior security researcher at CrowdStrike. In a security advisory, CrowdStrike said VENOM affects the virtual floppy disk controller (FDC) of QEMU, a free and open source hypervisor, and could allow attackers to move out of a guest virtual machine and obtain code execution capabilities on the host machine.

"Absent mitigation, this VM escape could open access to the host system and all other VMs running on that host, potentially giving adversaries significant elevated access to the host's local network and adjacent systems," the security advisory stated, adding that VENOM could impact "thousands of organizations and millions of end users."

According to CrowdStrike, the FDC code is used by numerous virtualization platforms, including Xen and KVM, and is agnostic of host and guest operating systems because the flaw is in the hypervisor's code. CrowdStrike also said VMware, Microsoft Hyper-V and Bochs hypervisors are not affected by VENOM.

The VENOM vulnerability has existed since 2004 when the FDC was first introduced to QEMU, CrowdStrike said. But the good news is, according to the company, that there are no reports of the vulnerability being exploited in the wild.

The revelation of VENOM is the latest in a series of virtualization software issues that have caused headaches for enterprises and cloud providers over the last year. In October, major cloud providers Amazon Web Services, IBM Softlayer and Rackspace were forced to reboot portions of their public cloud infrastructure in order to patch a serious vulnerability in the Xen hypervisor.

Another Xen hypervisor flaw was discovered this year, but Amazon was able to patch the virtualization software and call off another planned reboot.

CrowdStrike recommended that administrators running Xen, KVM, or native QEMU clients apply the latest patches to address VENOM. The QEMU Project, the Xen Project, and Red Hat have already released updates to patch the zero-day vulnerability, and more organizations are expected to join the fray.
