Webopedia on Google+Webopedia on TwitterWebopedia on FacebookTech Bytes Blog
Main » TERM » V »

VENOM vulnerability

VENOM refers to a security vulnerability that results from a buffer overflow in a kernel-level driver included in many default virtualized environments. The VENOM vulnerability has the potential to provide attackers with access to the host operating system and, as a result, other guest operating systems on the same host.

VENOM is of particular concern to enterprises, as it can compromise corporate data centers and cloud services, which tend to rely heavily on virtualized systems throughout their operations.

VENOM Specifics and Efforts to Patch Vulnerability

Security firm CrowdStrike discovered and named the VENOM vulnerability in early 2015. VENOM, an acronym for Virtualized Environment Neglected Operations Manipulation, arises from QEMU's virtual Floppy Disk Controller (FDC), which carries a vulnerability that could enable an attacker to run code by pairing one of two flawed commands related to the controller with a buffer overflow.

The VENOM vulnerability affects KVM, Xen and native QEMU virtual machines. Virtual machines running on Microsoft Hyper-V or VMware hypervisors are not affected by VENOM. The VENOM vulnerability works with the default configuration of the affected virtualization platforms, so even when the FDC drive has not been added to the platform, systems are still vulnerable.

Fortunately, there is no evidence that VENOM has been exploited in the wild at this time, and many software firms have released updates recently for their products that patch the VENOM vulnerability, including Red Hat, Rackspace, SUSE and Citrix.







TECH RESOURCES FROM OUR PARTNERS
LATEST ARTICLES
Slideshow: 5 Hot Holiday Gifts for Tech Enthusiasts

From cute electronic toys to VR gaming, here are 5 hot gifts to give to your special tech enthusiast this holiday season. Read More »

What's Hot in Tech: AI Tops the List

Like everything in technology, AI touches on so many other trends, like self-driving cars and automation, and Big Data and the Internet of Things... Read More »

DevOp's Role in Application Security

As organizations rush to release new applications, security appears to be getting short shrift. DevSecOps is a new approach that holds promise. Read More »

STUDY GUIDES
Java Basics, Part 1

Java is a high-level programming language. This guide describes the basics of Java, providing an overview of syntax, variables, data types and... Read More »

Java Basics, Part 2

This second Study Guide describes the basics of Java, providing an overview of operators, modifiers and control Structures. Read More »

The 7 Layers of the OSI Model

The Open System Interconnection (OSI) model defines a networking framework to implement protocols in seven layers. Use this handy guide to compare... Read More »