VENOM (security vulnerability)

VENOM (Virtualized Environment Neglected Operations Manipulation) is a computer security flaw that was publicly disclosed in 2015 by Jason Geffner of CrowdStrike.[1] The flaw was introduced in 2004 and affected versions of QEMU, Xen, KVM, and VirtualBox from that date until it was patched following disclosure.[2][3]

The vulnerability stems from a flaw in QEMU's virtual floppy disk controller.[4]

VENOM is registered in the Common Vulnerabilities and Exposures database as CVE-2015-3456.

References

  1. "VENOM Vulnerability". venom.crowdstrike.com. Retrieved 7 December 2018.
  2. Whittaker, Zack (May 13, 2015). "Bigger than Heartbleed, 'Venom' security vulnerability threatens most datacenters". Retrieved 11 November 2017.
  3. Goodin, Dan (May 14, 2015). "Extremely serious virtual machine bug threatens cloud providers everywhere". Ars Technica. Retrieved 11 November 2017.
  4. Stone, Jeff (May 14, 2015). "Venom Security Flaw: Bug Exploits Floppy Drive, But Researchers Say Threat Overstated". International Business Times. IBT Media. Retrieved 11 November 2017.


This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.