VENOM

From HandWiki
Revision as of 20:36, 6 March 2023 by Steve Marsio (talk | contribs) (change)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

VENOM (short for Virtualized Environment Neglected Operations Manipulation[1]) is a computer security flaw that was discovered in 2015 by Jason Geffner, then a security researcher at CrowdStrike.[2] The flaw was introduced in 2004 and affected versions of QEMU, Xen, KVM, and VirtualBox from that date until it was patched following disclosure.[3][4]

The existence of the vulnerability was due to a flaw in QEMU's virtual floppy disk controller.[5]

VENOM is registered in the Common Vulnerabilities and Exposures database as CVE-2015-3456.[6]

References

  1. Richard A. Clarke; Robert K. Knake (2019). The Fifth Domain: Defending Our Country, Our Companies, and Ourselves in the Age of Cyber Threats. Penguin. pp. 320–. ISBN 978-0-525-56197-2. https://books.google.com/books?id=ADx0DwAAQBAJ&pg=PA320. 
  2. "VENOM Vulnerability". http://venom.crowdstrike.com/. 
  3. Whittaker, Zack (May 13, 2015). "Bigger than Heartbleed, 'Venom' security vulnerability threatens most datacenters". http://www.zdnet.com/article/venom-security-flaw-millions-of-virtual-machines-datacenters/. Retrieved 11 November 2017. 
  4. Dan Goodin (May 14, 2015). "Extremely serious virtual machine bug threatens cloud providers everywhere". Ars Technica. https://arstechnica.com/information-technology/2015/05/extremely-serious-virtual-machine-bug-threatens-cloud-providers-everywhere/. Retrieved 11 November 2017. 
  5. Stone, Jeff (May 14, 2015). "Venom Security Flaw: Bug Exploits Floppy Drive, But Researchers Say Threat Overstated". International Business Times (IBT Media). http://www.ibtimes.com/venom-security-flaw-bug-exploits-floppy-drive-researchers-say-threat-overstated-1922070. Retrieved 11 November 2017. 
  6. Marc Dacier; Michael Bailey; Michalis Polychronakis; Manos Antonakakis (2017). Research in Attacks, Intrusions, and Defenses: 20th International Symposium, RAID 2017, Atlanta, GA, USA, September 18–20, 2017, Proceedings. Springer. pp. 422–. ISBN 978-3-319-66332-6. https://books.google.com/books?id=I6Q5DwAAQBAJ&pg=PA422. 




Retrieved from "https://handwiki.org/wiki/index.php?title=VENOM&oldid=2633212"