oss-sec mailing list archives
VENOM - CVE-2015-3456
From: Jason Geffner <jason () crowdstrike com>
Date: Wed, 13 May 2015 12:22:19 +0000
VENOM, CVE-2015-3456, is a security vulnerability in the virtual floppy drive code used by many computer virtualization platforms. This vulnerability may allow an attacker to escape from the confines of an affected virtual machine (VM) guest and potentially obtain code-execution access to the host. Absent mitigation, this VM escape could open access to the host system and all other VMs running on that host, potentially giving adversaries significant elevated access to the host's local network and adjacent systems.

Exploitation of the VENOM vulnerability can expose access to corporate intellectual property (IP), in addition to sensitive and personally identifiable information (PII), potentially impacting the thousands of organizations and millions of end users that rely on affected VMs for the allocation of shared computing resources, as well as connectivity, storage, security, and privacy.

Please see http://venom.crowdstrike.com/ for further details.

Sincerely,

Jason Geffner
Sr. Security Researcher, CrowdStrike

Current thread:
- VENOM - CVE-2015-3456 Jason Geffner (May 13)
- Re: VENOM - CVE-2015-3456 Solar Designer (May 13)
- Re: VENOM - CVE-2015-3456 Sebastian Pipping (May 13)
- RE: VENOM - CVE-2015-3456 Jason Geffner (May 13)
- Moving in the wrong direction [was: Re: VENOM - CVE-2015-3456] mancha (May 14)
- RE: VENOM - CVE-2015-3456 Jason Geffner (May 14)
- Re: VENOM - CVE-2015-3456 Solar Designer (May 13)
- Re: VENOM - CVE-2015-3456 Marcus Meissner (May 13)
- Re: VENOM - CVE-2015-3456 Solar Designer (May 13)