VENOM

From Wikipedia, the free encyclopedia

VENOM (short for Virtualized Environment Neglected Operations Manipulation[1]) is a computer security flaw that was discovered in 2015 by Jason Geffner, then a security researcher at CrowdStrike.[2] The flaw was introduced in 2004 and affected versions of QEMU, Xen, KVM, and VirtualBox from that date until it was patched following disclosure.[3][4]

The vulnerability stems from a flaw in QEMU's virtual floppy disk controller.[5]

VENOM is registered in the Common Vulnerabilities and Exposures database as CVE-2015-3456.[6]

References

  1. Richard A. Clarke; Robert K. Knake (2019). The Fifth Domain: Defending Our Country, Our Companies, and Ourselves in the Age of Cyber Threats. Penguin. pp. 320–. ISBN 978-0-525-56197-2.
  2. "VENOM Vulnerability". Venom.crowdstrike.com. Archived from the original on May 13, 2015.
  3. Whittaker, Zack (May 13, 2015). "Bigger than Heartbleed, 'Venom' security vulnerability threatens most datacenters". ZDNet. Retrieved 11 November 2017.
  4. Dan Goodin (May 14, 2015). "Extremely serious virtual machine bug threatens cloud providers everywhere". Ars Technica. Retrieved 11 November 2017.
  5. Stone, Jeff (May 14, 2015). "Venom Security Flaw: Bug Exploits Floppy Drive, But Researchers Say Threat Overstated". International Business Times. IBT Media. Retrieved 11 November 2017.
  6. Marc Dacier; Michael Bailey; Michalis Polychronakis; Manos Antonakakis (2017). Research in Attacks, Intrusions, and Defenses: 20th International Symposium, RAID 2017, Atlanta, GA, USA, September 18–20, 2017, Proceedings. Springer. pp. 422–. ISBN 978-3-319-66332-6.