Critical QEMU Vulnerability – VENOM – affects Xen, KVM, VirtualBox, XenServer

What is the VENOM vulnerability?

A new vulnerability, dubbed “VENOM”, has been discovered in the virtual floppy drive code in QEMU. It potentially allows an attacker to break out of their VM (guest) and gain privileged access to the host machine and its guest VMs.

The official website, which contains more useful information, can be found here: http://venom.crowdstrike.com/

Upstream advisory: https://rhn.redhat.com/errata/RHSA-2015-0998.html

What virtualization/hypervisors are affected?

Any hypervisor that uses QEMU is affected. Xen, KVM, VirtualBox and XenServer are amongst them.

What can I do to resolve the VENOM vulnerability?

If you have a VM (guest) on a host whose technology is affected by this vulnerability, you should urgently update your virtualization platform. For example, for KVM:

yum clean all && yum update qemu-kvm -y

And for others:

yum clean all && yum update -y

Following the update, the guests (virtual machines) need to be powered off and started up again for the update to take effect. Please note that it is not enough to restart the guests because a restarted guest would continue running using the same (old, not updated) QEMU binary.
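
To see which guests have not yet been powered off and started again, the following added example (not part of the original article) lists running QEMU processes whose binary was replaced on disk by the update. It assumes a Linux host, where /proc/PID/exe gains a " (deleted)" suffix once the old file is unlinked; the function name stale_qemu is hypothetical.

```sh
#!/bin/sh
# Added example: find QEMU processes still running the old, pre-update binary.
# Usage: stale_qemu [PROC_ROOT]
#   PROC_ROOT defaults to /proc; it is a parameter only so the function can
#   be exercised against a constructed directory tree.
# Output: one line per stale process: "PID GUEST_NAME BINARY_PATH"
# Run as root so that /proc/PID/exe of every process is readable.
stale_qemu() (
    proc_root="${1:-/proc}"
    for dir in "$proc_root"/[0-9]*; do
        [ -d "$dir" ] || continue
        pid="${dir##*/}"
        # /proc/PID/exe links to the executable the process was started from.
        # After a package update replaces that file, the link target reads
        # "<path> (deleted)". Kernel threads have no exe link; skip them.
        exe="$(readlink "$dir/exe" 2>/dev/null)" || continue
        case "$exe" in
            *qemu*" (deleted)")
                # The guest name is the argument following QEMU's -name option,
                # printed exactly as it appears on the command line.
                name="$(tr '\000' '\n' 2>/dev/null < "$dir/cmdline" |
                        awk 'p { print; exit } $0 == "-name" { p = 1 }')"
                printf '%s %s %s\n' "$pid" "${name:-?}" "${exe% (deleted)}"
                ;;
        esac
    done
)

stale_qemu "$@"
```

Every guest listed is still running on the old QEMU binary; once it has been powered off and started again it no longer appears.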

NOTE: Please make sure you choose the correct kernel to boot.