Security researchers have disclosed a vulnerability in the virtual floppy disk controller used by several virtualisation platforms.
The floppy disk controller emulation vulnerability, assigned CVE-2015-3456 (1) and now referred to as VENOM, was discovered by Jason Geffner of CrowdStrike, Inc. Red Hat rated it as having an Important impact.
A privileged guest user can use this vulnerability to crash the guest or execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest. The issue is exploitable even if the guest does not explicitly have a virtual floppy disk configured and attached, because the controller code is still active in the QEMU process.
Geffner has warned that this VM escape could open access to the host system and all other VMs running on that host, potentially giving attackers privileged access to the host's local network.
Since the VENOM vulnerability exists in the hypervisor’s codebase, the vulnerability is agnostic of the host operating system (Linux, Windows, Mac OS, etc.).
NIST (2) tells us that "Though the VENOM vulnerability is also agnostic of the guest operating system, an attacker (or an attacker's malware) would need to have administrative or root privileges in the guest operating system in order to exploit VENOM".
The bug is in QEMU's virtual Floppy Disk Controller (FDC). Because the fix lives in the QEMU binary, updating the host package is not enough on its own: each running guest keeps the old code until its QEMU process is restarted (or the guest is migrated to a patched host).
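The root cause, as CrowdStrike described it, is that the FDC stores guest-supplied command bytes in a fixed-size buffer and resets its write index after most commands, but not all of them; a guest that can reach the FDC's I/O ports can leave the index un-reset and write past the buffer. The following stand-alone C model is an added illustration, not QEMU's code: the struct, function names and the `overflowed` flag are assumptions made for the example. It contrasts the unpatched pattern (the handler trusts the index) with the hardened pattern the upstream fix used (force the index into bounds on every access). The naive handler here deliberately refuses to corrupt memory and records the attempt instead, so the program can be run safely; in the real unpatched code that check is absent.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified model of a floppy controller command FIFO.  QEMU's real buffer
 * is FD_SECTOR_LEN (512) bytes; everything else here is illustrative. */
#define FIFO_LEN 512

typedef struct {
    uint8_t  fifo[FIFO_LEN];
    uint32_t data_pos;    /* index of the next byte the guest writes into the FIFO */
    int      overflowed;  /* model-only flag: an out-of-bounds write was attempted */
} fdc_model;

/* Unpatched pattern: the handler trusts data_pos.  The controller normally
 * resets it when a command completes, but a guest that issues a command
 * sequence which never resets it can push the index past the buffer.
 * The bounds check below exists only in this model; the real unpatched
 * handler simply indexed the array. */
static int fdc_write_naive(fdc_model *s, uint8_t value)
{
    uint32_t pos = s->data_pos++;
    if (pos >= FIFO_LEN) {
        s->overflowed = 1;
        return -1;
    }
    s->fifo[pos] = value;
    return 0;
}

/* Hardened pattern: force the index into bounds before every access, so a
 * stale data_pos can only wrap inside the buffer, never write beyond it. */
static int fdc_write_bounded(fdc_model *s, uint8_t value)
{
    uint32_t pos = s->data_pos++;
    pos %= FIFO_LEN;
    s->fifo[pos] = value;
    return 0;
}

/* Feed n guest-controlled bytes through a handler, as a guest that owns the
 * FDC I/O ports could, and return 1 if any write went out of bounds. */
static int guest_feeds_bytes(int (*handler)(fdc_model *, uint8_t), size_t n)
{
    fdc_model s;
    memset(&s, 0, sizeof s);   /* fresh controller state, index at 0 */
    for (size_t i = 0; i < n; i++) {
        if (handler(&s, (uint8_t)i) != 0) {
            return 1;
        }
    }
    return s.overflowed;
}

int main(void)
{
    printf("naive,   %d bytes: overflow=%d\n", FIFO_LEN,
           guest_feeds_bytes(fdc_write_naive, FIFO_LEN));
    printf("naive,   %d bytes: overflow=%d\n", FIFO_LEN + 1,
           guest_feeds_bytes(fdc_write_naive, FIFO_LEN + 1));
    printf("bounded, %d bytes: overflow=%d\n", FIFO_LEN + 1,
           guest_feeds_bytes(fdc_write_bounded, FIFO_LEN + 1));
    return 0;
}
```

Exactly FIFO_LEN bytes fit in either handler; the first byte beyond that is the one the naive handler would have written outside the buffer, while the bounded handler wraps it back to index 0. The point for reviewers of device-emulation code is that the invariant "the index was reset by the previous command" is not one the guest can be trusted to uphold, so the bound has to be enforced at the access itself.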
CrowdStrike (3) tells us that the vulnerable code is in "numerous virtualization platforms and appliances, notably Xen, KVM, and the native QEMU client. VMware, Microsoft Hyper-V, and Bochs hypervisors are not impacted by this vulnerability."
References
1. cve.mitre.org, CVE-2015-3456
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3456 (retrieved 15/5/2015)
2. National Vulnerability Database (nist.gov), Vulnerability Summary for CVE-2015-3456, 14/5/2015
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3456 (retrieved 15/5/2015)
3. CrowdStrike.com, VENOM
http://venom.crowdstrike.com/ (retrieved 15/5/2015)