VENOM
Appearance
VENOM (Virtualized Environment Neglected Operations Manipulation) is a computer security flaw that was publicly disclosed in 2015 by Jason Geffner of CrowdStrike.[1] The flaw was introduced in 2004 and affected versions of QEMU, Xen, KVM, and VirtualBox from that date until it was patched following disclosure.[2][3]
The existence of the vulnerability was due to a flaw in QEMU's virtual floppy disk controller.[4]
VENOM is registered in the Common Vulnerabilities and Exposures database as CVE-2015-3456.
References
- ^ "VENOM Vulnerability". venom.crowdstrike.com. Retrieved 2018-12-07.
- ^ Whittaker, Zack (May 13, 2015). "Bigger than Heartbleed, 'Venom' security vulnerability threatens most datacenters". Retrieved 11 November 2017.
- ^ Dan Goodin (May 14, 2015). "Extremely serious virtual machine bug threatens cloud providers everywhere". Ars Technica. Retrieved 11 November 2017.
- ^ Stone, Jeff (May 14, 2015). "Venom Security Flaw: Bug Exploits Floppy Drive, But Researchers Say Threat Overstated". International Business Times. IBT Media. Retrieved 11 November 2017.