According to a report released by the security firm CrowdStrike, millions of datacenters around the world could be victims of a new vulnerability that affects the software which manages floppy disk controllers on virtual machines.
Most datacenters today work by installing virtualized environments on their servers, a standard practice which allows them to save space and better optimize the way that larger and smaller companies share bandwidth between them.
The codename for the bug, ‘Venom’, is actually an abbreviation of the full title of the vulnerability, “Virtualized Environment Neglected Operations Manipulation”, which is based on the parts of the system it attacks.
A collection of virtualized machines running off one machine is what’s known as a “hypervisor”, and what makes Venom significant is its ability to use the open-source computer emulator QEMU to hijack the floppy disk controller and affect all the sandboxes under the same hypervisor umbrella.
“Millions of virtual machines are using one of these vulnerable platforms,” said CrowdStrike’s Jason Geffner, the researcher who found the bug.
Thankfully, CrowdStrike has been working closely with major datacenter providers over the past few months to get the hole patched before publicly disclosing its existence today. This approach is in stark contrast to what we saw with Heartbleed, wherein the free-for-all of patching vulnerabilities was left to whoever could jump on the pile first after the news initially broke.
So far no exploits have been detected in the wild, despite the fact that the bug has been present in the affected systems since as early as 2004. For now, the main virtualization platforms under fire include KVM, VirtualBox, and Xen, while the VMware, Hyper-V, and Bochs hypervisors are in the clear.
With the majority of providers utilizing systems based on the latter half of this list, hopefully the threat will be reined in before things spiral too far out of control.