Lumension® Endpoint Intelligence Center


"VENOM" flaw in virtualization software could lead to VM escapes, data theft

2015/05/13

Threatpost - (International) Security researchers from CrowdStrike discovered a vulnerability in virtualization platforms: an attacker could exploit a flaw in the virtual floppy disk controller component of the QEMU open-source virtualization package to escape from a guest virtual machine (VM) and gain code execution on the host, as well as on any other VMs running on the affected system. The bug has been dubbed VENOM and affects a variety of virtualization software running on all major operating systems (OSes).

Source: https://threatpost.com/venom-flaw-in-virtualization-software-could-lead-to-vm-escapes-data-theft/112772

Note: This news synopsis is taken from the DHS Daily Open Source Infrastructure Report, a daily [Monday through Friday, except US Federal holidays] summary of open-source published information concerning significant critical infrastructure issues; a 10-day archive of the DOSIR can be found at: http://www.dhs.gov/dhs-daily-open-source-infrastructure-report.


Last Updated: 27 May 2016 10:24:17