
CVE-2015-3456 "Venom" Vulnerability

May 21, 2015

We have sent a notification to customers susceptible to a potential exploit outlined in CVE-2015-3456 (currently being dubbed the “VENOM” vulnerability), which may cause complications for all servers running the Xen and KVM hypervisors worldwide. To protect our affected customers, we have proactively applied a patch that will ensure all potential threats are neutralized upon your next full reboot in Manage. Please note that if you have received this notification from us, it is important that you execute a full reboot via your XWeb Management Interface, as no other method of restarting will ensure this is completed effectively. If you do not reboot your instance manually, we will complete this action for you between 2:00AM and 2:00PM EDT on May 22nd, 2015 to ensure your protection.


VENOM, or Virtualized Environment Neglected Operations Manipulation, was made public on May 13, 2015. The vulnerability is in QEMU, a generic and open source machine emulator and virtualizer that is utilized by Xen, KVM, and other modern hypervisors / virtualization platforms.


Specifically, the flaw lies in how QEMU handles out-of-bounds memory access. Exploitation can cause the entire hypervisor to crash and may allow an attacker to access other virtual machines outside of their own.

  • Made public on May 13, 2015
  • The flaw affects QEMU, a generic and open source machine emulator.
  • May allow an attacker to access other virtual machines outside of their own.

CrowdStrike states:

VENOM, CVE-2015-3456, is a security vulnerability in the virtual floppy drive code used by many computer virtualization platforms. This vulnerability may allow an attacker to escape from the confines of an affected virtual machine (VM) guest and potentially obtain code-execution access to the host. Absent mitigation, this VM escape could open access to the host system and all other VMs running on that host, potentially giving adversaries significant elevated access to the host’s local network and adjacent systems.

Further information on CVE-2015-3456 is available from CrowdStrike and Red Hat.