VENOM (security vulnerability)

From HandWiki

VENOM (Virtualized Environment Neglected Operations Manipulation) is a computer security flaw that was publicly disclosed in 2015 by Jason Geffner of CrowdStrike.[1] The flaw was introduced in 2004 and affected versions of QEMU, Xen, KVM, and VirtualBox from that date until it was patched following disclosure.[2][3] The existence of the vulnerability was due to a flaw in QEMU's virtual floppy disk controller.[4]

VENOM is registered in the Common Vulnerabilities and Exposures database as CVE-2015-3456.

References

  1. "VENOM Vulnerability" (in en-US). https://venom.crowdstrike.com/. 
  2. Whittaker, Zack (May 13, 2015). "Bigger than Heartbleed, 'Venom' security vulnerability threatens most datacenters". http://www.zdnet.com/article/venom-security-flaw-millions-of-virtual-machines-datacenters/. Retrieved 11 November 2017. 
  3. Dan Goodin (May 14, 2015). "Extremely serious virtual machine bug threatens cloud providers everywhere". Ars Technica. https://arstechnica.com/information-technology/2015/05/extremely-serious-virtual-machine-bug-threatens-cloud-providers-everywhere/. Retrieved 11 November 2017. 
  4. Stone, Jeff (May 14, 2015). "Venom Security Flaw: Bug Exploits Floppy Drive, But Researchers Say Threat Overstated". International Business Times (IBT Media). http://www.ibtimes.com/venom-security-flaw-bug-exploits-floppy-drive-researchers-say-threat-overstated-1922070. Retrieved 11 November 2017. 




Retrieved from "https://handwiki.org/wiki/index.php?title=VENOM_(security_vulnerability)&oldid=73306"