Researchers Discovered VENOM Vulnerability

CrowdStrike researchers have discovered a buffer overflow vulnerability (VENOM) in the virtual floppy drive code used by many computer virtualization platforms that could allow attackers to escape from the confines of an affected virtual machine (VM) guest and obtain code-execution access to the host.
VENOM: VIRTUALIZED ENVIRONMENT NEGLECTED OPERATIONS MANIPULATION
“This VM escape could open access to the host system and all other VMs running on that host, potentially giving adversaries significant elevated access to the host’s local network and adjacent systems,” researchers said.
The VENOM vulnerability has existed since 2004, when the virtual Floppy Disk Controller was first added to the QEMU codebase.
“We suspect that there are millions of virtual machines around the world that are vulnerable,” said researcher Jason Geffner, who discovered the flaw.

AFFECTED PRODUCTS

Xen, KVM, the native QEMU client and many other virtualization platforms and appliances are affected.
The Xen and QEMU projects have released updates to fix this vulnerability.

VULNERABILITY MITIGATION

Running virtual machine hypervisors in certain configurations will minimize or even completely eliminate the impact of this vulnerability. The following configurations apply:
  • Xen systems running x86 paravirtualized guests are not vulnerable to this issue.
  • ARM systems are not vulnerable.
  • Enabling stub domains mitigates this issue by confining the escalation to only those privileges accorded to the service domain. qemu-dm stub domains are only available with the traditional “qemu-xen” version.
System administrators are advised to apply the latest patches developed to address this vulnerability.
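The mitigation list above can be turned into a quick inventory check. The script below is an added example, not from the article or the Xen project: it classifies Xen xl guest configuration files as PV (not affected), HVM with a qemu-dm stub domain on the traditional qemu-xen device model (mitigated), or HVM without that (exposed). It assumes the standard xl.cfg keys `type`/`builder`, `device_model_stubdomain_override` and `device_model_version`; the class labels and the sample configs are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the article: classify Xen xl guest configs by the
# VENOM mitigations listed above (PV guests unaffected; HVM guests mitigated
# only when qemu-dm runs in a stub domain with the traditional qemu-xen).
# Assumes standard xl.cfg keys: type/builder, device_model_stubdomain_override,
# device_model_version. The class labels are this script's own.

# Print the last value assigned to key $2 in config file $1 (quotes stripped).
cfg_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*[\"']\{0,1\}\([^\"'[:space:]#]*\).*/\1/p" "$1" | tail -n 1
}

# Echo one of: pv-not-vulnerable, hvm-stubdom-mitigated, hvm-exposed.
venom_class() {
    f="$1"
    t=$(cfg_get "$f" type)
    if [ -z "$t" ]; then
        t=$(cfg_get "$f" builder)      # older configs use builder="hvm"
    fi
    case "$t" in
        ""|pv|generic|linux) echo "pv-not-vulnerable"; return 0 ;;  # xl defaults to PV
    esac
    # HVM: the virtual floppy controller lives in qemu-dm; a stub domain confines
    # an escape to that service domain, and stub domains need qemu-xen-traditional.
    if [ "$(cfg_get "$f" device_model_stubdomain_override)" = "1" ] &&
       [ "$(cfg_get "$f" device_model_version)" = "qemu-xen-traditional" ]; then
        echo "hvm-stubdom-mitigated"
    else
        echo "hvm-exposed"
    fi
}

# Audit every config given as an argument; default to /etc/xen/*.cfg.
venom_audit() {
    [ $# -gt 0 ] || set -- /etc/xen/*.cfg
    for f in "$@"; do
        if [ -f "$f" ]; then
            printf '%s\t%s\n' "$(venom_class "$f")" "$f"
        fi
    done
}

venom_audit "$@"
```

Run it with no arguments to audit /etc/xen/*.cfg, or pass specific config files; anything reported as hvm-exposed needs the vendor patch rather than a configuration change.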
