Blog
\
Vulnerabilities and Threats

VENOM Explained

David Robinson
Author
David Robinson
Updated
May 15, 2024
|
Published
May 15, 2015
|
min read

Key Points

Over the last few days there’s been a lot of hype surrounding the recently released (and patched) VENOM vulnerability. This post hopes to address this hype and provide an insight into the real risks it poses and what can be done if you are affected.

So, what is the VENOM vulnerability about? It’s basically a way for an attacker to jump between two virtual machines if they are running on the same hardware.

Firstly, if you’re not hosting anything in a shared virtualised environment (e.g, on a 3rd party cloud provider), then you can stop reading now.

Secondly, a lot of people seem to be drawing parallels between VENOM and Heartbleed, however, apart from the levels of marketing hype both received, they are not very similar at all. The main difference being that Heartbleed could be exploited remotely against vulnerable servers. VENOM is not remotely exploitable, and requires the cloud provider to have provisioned the attacker with a virtual machine on the same hardware as their target, which is not something the attacker can control.

While VENOM is a serious vulnerability, there are a few things worth noting:

  1. It’s not remotely exploitable. The attacker requires local access to a virtual machine on the same hardware as their target.
  2. It only affects QEMU based virtualisation, such as Xen, and does not affect other solutions such as Hyper-V or VMWare.
  3. As of 14th May, there is no publically available exploit code an attacker can use to exploit this vulnerability.
  4. A patch, fixing the issue in QEMU was issued on the 13th May (https://bugzilla.redhat.com/show_bug.cgi?id=1218611)

If you are still worried about the impact of this vulnerability; there are a few things you can do:

  1. Find out if your hosting provider uses Xen, or another QEMU based virtualisation software. If they don’t, then you’re not affected.
  2. If they do, find out if they’ve patched the software supporting your virtual machines.
  3. If you provision your hosts automatically and it is easy to do so, you could consider re-deploying all your hosts.

Overall, it is unlikely that you will have been exploited by this vulnerability, due to the difficulty of attack. However, if you host particularly sensitive data in the cloud, it would be worth following the above advice.

Get our free

Ultimate Guide to Vulnerability Scanning

Learn everything you need to get started with vulnerability scanning and how to get the most out of your chosen product with our free PDF guide.

Download now
Author
David Robinson
,

Reviewed by
,

Quick links
Heading 2
Heading 3
Heading 4
Heading 5
Heading 6
mail icon
Get regular updates

Get our latest news, research, and expert advice, straight to your inbox

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Recommended articles

Spring4Shell [CVE-2022-22965]: All you need to know
Vulnerabilities and Threats

Spring4Shell [CVE-2022-22965]: All you need to know

Spring4Shell is a critical vulnerability (CVSSv3 9.8) targetting Java’s most popular framework, Spring, and was disclosed on 31 March ...
User Enumeration in Microsoft Products: An Incident Waiting to Happen?
Vulnerabilities and Threats

User Enumeration in Microsoft Products: An Incident Waiting to Happen?

Intruder’s latest research reveals that up to 13,000 organisations are affected by little-known user enumeration flaws in a range of…
5 Network Security Threats And How To Protect Yourself
Vulnerabilities and Threats

5 Network Security Threats And How To Protect Yourself

Cybersecurity today matters so much because of everyone’s dependence on technology, from collaboration, communication and collecting data...

Sign up for your free 14-day trial

Start today
7 days free trial