
Significant virtual machine vulnerability has been hiding in floppy disk code for 11 years

Discussion in 'CSO' started by RSS, May 13, 2015.

  1. RSS

    RSS New Member Member

    CrowdStrike researchers announced this morning that they have discovered a buffer overflow vulnerability in many of today's most popular virtual machine platforms that could potentially allow hackers access to the host.

    They named the vulnerability VENOM -- Virtualized Environment Neglected Operations Manipulation -- because it takes advantage of long-neglected code, the virtual floppy disk controller.

    "We suspect that there are millions of virtual machines around the world that are vulnerable," said researcher Jason Geffner, who discovered the flaw.

    Affected platforms include Xen hypervisors, KVM, Oracle VM VirtualBox and the native QEMU client. Geffner estimates that these machines account for the majority of the virtual machine market, due to their widespread use by cloud computing services, infrastructure-as-a-service providers and appliance vendors.

