VENOM

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by WhinyTheYounger (talk | contribs) at 19:39, 6 May 2020 (Link add: CrowdStrike). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

VENOM (Virtualized Environment Neglected Operations Manipulation) is a computer security flaw that was publicly disclosed in 2015 by Jason Geffner of CrowdStrike.[1] The flaw was introduced in 2004 and affected versions of QEMU, Xen, KVM, and VirtualBox from that date until it was patched following disclosure.[2][3]

The vulnerability stems from a flaw in QEMU's virtual floppy disk controller.[4]

VENOM is registered in the Common Vulnerabilities and Exposures database as CVE-2015-3456.

References

  1. "VENOM Vulnerability". venom.crowdstrike.com. Retrieved 2018-12-07.
  2. Whittaker, Zack (May 13, 2015). "Bigger than Heartbleed, 'Venom' security vulnerability threatens most datacenters". Retrieved 11 November 2017.
  3. Goodin, Dan (May 14, 2015). "Extremely serious virtual machine bug threatens cloud providers everywhere". Ars Technica. Retrieved 11 November 2017.
  4. Stone, Jeff (May 14, 2015). "Venom Security Flaw: Bug Exploits Floppy Drive, But Researchers Say Threat Overstated". International Business Times. IBT Media. Retrieved 11 November 2017.