VENOM refers to a security vulnerability that results from a buffer overflow in a kernel-level driver included in many default virtualized environments. The VENOM vulnerability has the potential to provide attackers with access to the host operating system and, as a result, other guest operating systems on the same host.
VENOM Specifics and Efforts to Patch Vulnerability
Security firm CrowdStrike discovered and named the VENOM vulnerability in early 2015. VENOM, an acronym for Virtualized Environment Neglected Operations Manipulation, arises from QEMU's virtual Floppy Disk Controller (FDC), which carries a vulnerability that could enable an attacker to run code by pairing one of two flawed commands related to the controller with a buffer overflow.
The VENOM vulnerability affects KVM, Xen and native QEMU virtual machines. Virtual machines running on Microsoft Hyper-V or VMware hypervisors are not affected by VENOM. The VENOM vulnerability works with the default configuration of the affected virtualization platforms, so even when the FDC drive has not been added to the platform, systems are still vulnerable.
Fortunately, there is no evidence that VENOM has been exploited in the wild at this time, and many software firms have released updates recently for their products that patch the VENOM vulnerability, including Red Hat, Rackspace, SUSE and Citrix.
IT Solutions Builder TOP IT RESOURCES TO MOVE YOUR BUSINESS FORWARD
Which topic are you interested in?
What is your company size?
What is your job title?
What is your job function?
Searching our resource database to find your matches...
Stay up to date on the latest developments in Internet terminology with a free weekly newsletter from Webopedia. Join to subscribe now.
The following facts and statistics capture the changing landscape of cloud computing and how service providers and customers are keeping up with... Read More »Facts about Computer Science: Education and Jobs
The following computer science facts and statistics provide a quick introduction to the changing trends in education and related careers. Read More »Texting & Chat Abbreviations
From A3 to ZZZ this guide lists 1,500 text message and online chat abbreviations to help you translate and understand today's texting lingo. Read More »
Learn about each of the five generations of computers and major technology developments that have led to the computing devices that we use... Read More »Computer Architecture Study Guide
Computer architecture provides an introduction to system design basics for most computer science students. Read More »Network Fundamentals Study Guide
Networking fundamentals teaches the building blocks of modern network design. Learn different types of networks, concepts, architecture and... Read More »