KVM Venom Vulnerability CVE-2015-3456

eva2000 · May 14, 2015

Seems KVM specific Vultnerability named Venom (CVE-2015-3456) has been published causing a lot of KVM providers to send notices and reboot KVM host nodes.

From Ramnode

This message is to all KVM clients. A significant vulnerability called VENOM has been published earlier this morning. It affects all KVM guests running on QEMU--a widely used emulator for virtual server hosting. We have patched our systems, but the patch requires that we pause/resume your VPSs in order for it to take effect. In the event that this fails, your VPS will be force-stopped and then started.

This process will begin at 4 PM EDT. Total downtime per VPS should be under 1 minute. We apologize for the inconvenience, but quick action is needed to mitigate the danger posed by this vulnerability. You can read more about it here:

VENOM Vulnerability
'Venom' vulnerability: Serious computer bug shatters cloud security - Fortune

Please open a support ticket in the Client Area if you have any questions or concerns. We will post updates as needed at http://twitter.com/nodestatus You are also welcome to join our community IRC channel to stay up to date.

Regards,

RamNode.com
Click to expand...

From Vultr

05/13/15 4:00 pm EDT The Vultr security team is rolling out a security update which is being transparently applied to all affected instances. A small portion of instances may require a restart to fully apply the patches, and this will be done automatically. Our teams will continue to diligently review and monitor the global platform and keep you updated of any issues.

05/13/15 7:02 pm EDT The VENOM security update has been applied throughout our global platform and no further impact is anticipated.
Click to expand...

From DigitalOcean (Update on CVE-2015-3456, aka the VENOM Security Vulnerability | DigitalOcean

Update on CVE-2015-3456, aka the VENOM Security Vulnerability
May 13, 2015

Earlier today, CVE-2015-3456, a security vulnerability also known as VENOM was publicly announced. This bug in KVM/QEMU, our virtualization environment, could potentially exploit a VM’s virtual floppy driver as described in detail here and here. DigitalOcean has conducted a thorough audit of our platform and taken steps to mitigate the issue.

On hypervisors running the latest version of our cloud, the QEMU process is confined by a mandatory access control profile which would prevent a would-be attacker from accessing the host system or other Droplets. We are rolling out updates across all of our infrastructure to ensure the latest QEMU security patches are applied on each server. In addition, we have implemented a number of other security and monitoring features in order to provide early warning of attempts to exploit similar vulnerabilities.

In order to complete the process of applying the security patches, a small number of our hypervisors will require a reboot. Our team is currently working to schedule this in the least disruptive manner possible. We will keep you posted on our progress.

If you have any additional questions, please reach out to our support team:

DigitalOcean
Click to expand...

From Linode (Linode Blog » VENOM (CVE-2015-3456) Vulnerability and Linode

A new security advisory, CVE-2015-3456 called VENOM (Virtualized Environment Neglected Operations Manipulation), was released today. Our Security Team has thoroughly reviewed this vulnerability and we wanted to take a moment to reassure Linode customers that this vulnerability does not affect any part of the Linode infrastructure and no action is required on your part.

What is VENOM?

VENOM is a security vulnerability that exploits virtual floppy drive code in QEMU that emulates a floppy disk controller. On certain platforms, this code can be exploited which allows attackers to escape from a Virtual Machine guest and gain privileged access to the host.

Why is Linode not affected?

In XSA-133, which is the Xen Security Advisory that provides details related to this vulnerability, it states that “Systems running only x86 PV guests are not vulnerable”. This vulnerability applies to QEMU guests on KVM and XEN HVM Guests. Linode only uses XEN PV guests which are not affected by this vulnerability. Specifically, XEN PV guests do not require the use of QEMU.

What do I need to do?

Fortunately, nothing needs to be done at this time to your Linode. The Linode Security Team constantly monitors all CVE’s and XSA’s to ensure that our internal infrastructure and customer Linode’s are as secure as possible.
Click to expand...

Epic Internet Marketing · May 14, 2015

Thank you for keeping us informed.

eva2000 · May 14, 2015

Epic Internet Marketing said: ↑

Thank you for keeping us informed.
Click to expand...

You're welcome Majority of my VPS are KVM these days so definitely something I need to keep on top of

Epic Internet Marketing · May 14, 2015

eva2000 said: ↑

You're welcome Majority of my VPS are KVM these days so definitely something I need to keep on top of
Click to expand...

I honestly wouldn't even consider OpenVZ and here we think we're safe with KVM. Very glad our responsible hosting providers are staying on top of these things. And again credit as well as thanks to you for keeping us informed on the matter.

Hamza · May 14, 2015

Thanks Eva for keeping us updated

Log in / Register

Forums

Learn about Centmin Mod LEMP Stack today

KVM Venom Vulnerability CVE-2015-3456

eva2000 Administrator Staff Member

Epic Internet Marketing Member

eva2000 Administrator Staff Member

Epic Internet Marketing Member

Hamza New Member

.

Log in / Register

Useful Searches

Learn about Centmin Mod LEMP Stack today

KVM Venom Vulnerability CVE-2015-3456

eva2000 Administrator Staff Member

Epic Internet Marketing Member

eva2000 Administrator Staff Member

Epic Internet Marketing Member

Hamza New Member

.