VENOM

VENOM (short for Virtualized Environment Neglected Operations Manipulation{{cite book | author1 = Richard A. Clarke | author2 = Robert K. Knake | date = 2019 | title = The Fifth Domain: Defending Our Country, Our Companies, and Ourselves in the Age of Cyber Threats | publisher = Penguin | pages = 320– | isbn = 978-0-525-56197-2 | url = https://books.google.com/books?id=ADx0DwAAQBAJ&pg=PA320}}) is a computer security flaw that was discovered in 2015 by Jason Geffner, then a security researcher at CrowdStrike.{{cite web | title=VENOM Vulnerability | website=Venom.crowdstrike.com | date= | url=http://venom.crowdstrike.com/ | archive-url=https://web.archive.org/web/20150513104122/http://venom.crowdstrike.com/ | archive-date=May 13, 2015 | url-status=dead }} The flaw was introduced in 2004 and affected versions of QEMU, Xen, KVM, and VirtualBox from that date until it was patched following disclosure.{{cite web|url=https://www.zdnet.com/article/venom-security-flaw-millions-of-virtual-machines-datacenters/|title=Bigger than Heartbleed, 'Venom' security vulnerability threatens most datacenters|last=Whittaker|first=Zack|website=ZDNet |date=May 13, 2015|access-date=11 November 2017}}{{cite web|url=https://arstechnica.com/information-technology/2015/05/extremely-serious-virtual-machine-bug-threatens-cloud-providers-everywhere/|title=Extremely serious virtual machine bug threatens cloud providers everywhere|last=Dan Goodin|date=May 14, 2015|work=Ars Technica|accessdate=11 November 2017}}

The vulnerability was caused by a flaw in QEMU's virtual floppy disk controller.{{cite news|url=http://www.ibtimes.com/venom-security-flaw-bug-exploits-floppy-drive-researchers-say-threat-overstated-1922070|title=Venom Security Flaw: Bug Exploits Floppy Drive, But Researchers Say Threat Overstated|last=Stone|first=Jeff|date=May 14, 2015|work=International Business Times|publisher=IBT Media|accessdate=11 November 2017}}

VENOM is registered in the Common Vulnerabilities and Exposures database as {{CVE|2015-3456}}.{{cite book | author1 = Marc Dacier | author2 = Michael Bailey | author3 = Michalis Polychronakis | author4 = Manos Antonakakis | date = 2017 | title = Research in Attacks, Intrusions, and Defenses: 20th International Symposium, RAID 2017, Atlanta, GA, USA, September 18–20, 2017, Proceedings | publisher = Springer | pages = 422– | isbn = 978-3-319-66332-6 | url = https://books.google.com/books?id=I6Q5DwAAQBAJ&pg=PA422}}

References

{{Reflist}}
