CrowdStrike researchers have discovered a buffer overflow vulnerability (VENOM) in the virtual floppy drive code used by many computer virtualization platforms that could allow attackers to escape from the confines of an affected virtual machine (VM) guest and obtain code-execution access to the host.
The Xen and QEMU projects have released updates to fix this vulnerability.
- Xen systems running x86 paravirtualized guests are not vulnerable to this exploit.
- ARM systems are not vulnerable.
- Enabling stub-domains will mitigate this issue, by reducing the escalation to only those privileges accorded to the service domain. qemu-dm stub-domains are only available with the traditional “qemu-xen” version.
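The mitigating factors above can be turned into a quick triage of Xen guest configurations. The following is an added example, not code from CrowdStrike, Xen or QEMU; it assumes guests are defined in xl config files using the xl.cfg settings `type`/`builder`, `device_model_version` and `device_model_stubdomain_override`, and it cannot tell whether the host is already patched.

```python
import re

# One scalar `key = value` setting per line; list values such as disk = [...] are skipped.
_KV = re.compile(r'^\s*([A-Za-z_]\w*)\s*=\s*["\']?([^"\'#\n]*?)["\']?\s*(?:#.*)?$')

def parse_xl_cfg(text):
    """Return the scalar settings of an xl guest config as a dict."""
    settings = {}
    for line in text.splitlines():
        m = _KV.match(line)
        if m:
            settings[m.group(1)] = m.group(2).strip()
    return settings

def venom_exposure(text, arch="x86"):
    """Classify one guest config by the advisory's mitigating factors."""
    if arch.lower().startswith(("arm", "aarch")):
        return "not-vulnerable-arm"
    cfg = parse_xl_cfg(text)
    # Assumption: guests are either PV (xl's default) or HVM.
    is_hvm = "hvm" in (cfg.get("type", "").lower(), cfg.get("builder", "").lower())
    if not is_hvm:
        return "not-vulnerable-pv"
    stubdom = cfg.get("device_model_stubdomain_override", "0").lower() in ("1", "true")
    traditional = cfg.get("device_model_version", "") == "qemu-xen-traditional"
    # Stub domains only limit the escalation; the guest still needs the patch.
    return "mitigated-stubdom" if stubdom and traditional else "exposed"

# Constructed sample configs (not taken from any real host).
SAMPLES = {
    "web-pv": 'name = "web-pv"\nkernel = "/boot/vmlinuz"\nmemory = 1024\n',
    "win-hvm": 'name = "win-hvm"\ntype = "hvm"\ndisk = [ "phy:/dev/vg/win,hda,w" ]\n',
    "db-stub": 'name = "db-stub"\nbuilder = "hvm"  # older syntax\n'
               'device_model_version = "qemu-xen-traditional"\n'
               'device_model_stubdomain_override = 1\n',
}

if __name__ == "__main__":
    for name, cfg_text in SAMPLES.items():
        print(f"{name}: {venom_exposure(cfg_text)}")
```

Guests reported as `exposed` are the ones to prioritize when scheduling the host update; `mitigated-stubdom` guests still need it.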
System administrators are advised to apply the latest patches developed to address this vulnerability.
Vulnerability Discovered in VENOM