Data center virtualization is one of the key tenets of cloud computing. The VENOM vulnerability was recently discovered by CrowdStrike, and exploitation relies on flawed code inside the Floppy Disk Controller within a hypervisor.
VENOM, an acronym for Virtualized Environment Neglected Operations Manipulation, has been making headlines as “being worse than the Heartbleed bug.” In theory it could be; however, publications such as Forbes believe that this is not the case.
There is no evidence that the VENOM vulnerability has been used in any attacks. Zach Lanier, security researcher at Accuvant Labs, confirms that VENOM has not been “seen in the wild.” Accuvant Labs rates the vulnerability as “Moderate.”
Had hackers exploited this flaw, the consequences could have been dire for cloud providers.
Amazon, the world’s largest cloud provider, published a security advisory saying, “We are aware of the QEMU security issue assigned CVE-2015-3456, also known as ‘VENOM,’ which impacts various virtualized platforms. There is no risk to AWS customer data or instances.” Rackspace and others have either pushed updates or confirmed that the bug does not impact their services. Red Hat posted a fix for VENOM as well.
How VENOM Works
VENOM preys on cloud computing security experts’ worst nightmare. With the vulnerability, a hacker could simply buy space on a cloud hosting provider, inject code that exploits VENOM, and escape the hypervisor. If a hacker can escape a hypervisor, all of the data hosted within that same node could be at risk.
“Exploitation of the VENOM vulnerability can expose access to corporate intellectual property (IP), in addition to sensitive and personally identifiable information (PII), potentially impacting the thousands of organizations and millions of end users that rely on affected VMs for the allocation of shared computing resources, as well as connectivity, storage, security, and privacy,” writes CrowdStrike.