New Malware Able To Jump From Virtual Machine to Physical Host

Xen, KVM, and native QEMU have a vulnerability that allows a hostile actor to compromise the physical host from within the virtual system.  Security researcher Jason Geffner at CrowdStrike released information outlining how the virtual floppy driver code can be used to conduct this attack.

The vulnerability has been called VENOM and has CVE-2015-3456 attached to it.  There are already vendor patches from Xen, Ctrix, Red Hat, and QEMU.

As of writing this the CVE has not been fully populated with information and there is no known attack in the wild.  That being said this is serious enough of a vulnerability that exploits will follow soon.  If you have virtualization running on your network or have things in the cloud follow the patch guidance and contact your vendor to make sure they are patched.

Link to the CVE:  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3456

Link to CrowdStrike article:  http://venom.crowdstrike.com/

Post by Remote Process