The bite caused by a bug found in many virtualization platforms may not be as severe as first thought, according to a news report.
On Wednesday, a California vendor of endpoint security products called CrowdStrike released details on a vulnerability (CVE-2015-3456) it dubbed Venom, a hole in the floppy drive emulation code used by many virtualization platforms including XEN, KVM, QEMU, and VirtualBox.
The initial headlines were alarming. However, at least ond site says the bug can’t easily be exploited.
CSO Online quoted several security experts noting that an attacker has to have administrative privileges. In addition, the bug doesn’t affect VMware, Microsoft Hyper-V, and Bochs hypervisors, nor any applications running on Amazon’s AWS platform.
Patches for many platforms have been or are about to be released. Among those out already are from Xen Project, Citrix, FireEye, QEMU, Red Hat, Suse and Ubuntu Linux, and F5.
“It’s serious, but not Heartbleed serious. There are no known in-the-wild attacks and a patch is available,” Karl Sigler, threat intelligence manager at Trustwave, is quoted as saying.
Tod Beardsley, Research Manager at Rapid7, is also quoted as saying those most affected run or subscribe to hosted VPS services.
Crowdstrike says Venom may allow an attacker to escape from the confines of an affected virtual machine (VM) guest and potentially obtain code-execution access to the host. On Xen and QEMU, the vendor says, even if the administrator explicitly disables the virtual floppy drive, an unrelated bug causes the vulnerable FDC code to remain active and exploitable by attackers.