Status Blog
Welcome to the official offsite news and network announcements blog for RackSRV Communications. From this blog we will announce any planned maintenance, known service issues, promotions and general industry news so please consider bookmarking or utilising our RSS feed to keep yourself informed!

Security vulnerability affecting Xen/KVM (CVE-2015-3456)

    Posted in Industry News by Jon on 14/05/2015 @ 23:32

We recieved the following announcement earlier from SolusVM regarding a vulnerability (VENOM / CVE-2015-3456) being detected in QEMU's Floppy Disk Controller (FDC) emulation code which affects Xen & KVM virtualizations:

An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller (FDC) handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest.

The flaw affects all versions of QEMU going back to 2004, when the virtual floppy controller was first introduced. Fortunately there is no known exploit that can successfully attack the flaw so far. Yet VENOM is risky enough to be considered a high-priority vulnerability. In order to mount an exploit attempt, a user on the guest machine would need sufficient permissions to access the floppy disk controller I/O ports. On Linux guests, that means the user would need to have root access or otherwise elevated privilege. But on Windows guests, practically any user would have sufficient permissions.

Upgrading a KVM Hypervisor:

yum update qemu-kvm

Following the update, the guests (virtual machines) need to be powered off and started up again for the update to take effect. Please note that it is not enough to restart the guests because a restarted guest would continue running using the same (old, not updated) QEMU binary.

Upgrading a Xen Hypervisor (RHEL 6):

yum update xen

Following the update, the guests (virtual machines) need to be powered off and started up again for the update to take effect. Please note that it is not enough to restart the guests because a restarted guest would continue running using the same (old, not updated) QEMU binary.

Upgrading a Xen Hypervisor (RHEL 5):

If your hypervisor is RHEL 5 and you use the 3.4.x version of Xen please see the following document https://documentation.solusvm.com/display/DOCS/Xen+3.4.x+RPM+Releases

References:

http://www.theregister.co.uk/2015/05/13/heartbleed_eat_your_heart_out_venom_vuln_poisons_countless_vms
http://venom.crowdstrike.com

Please Note:

RackSRV VPS clients have already been protected aggainst this vulnerability (VENOM / CVE-2015-3456), we are merely spreading the announcement to make sure anyone else who may be affected can get protected ASAP!

Recent News
Urgent maintenance to RackSRV website »
We are currently experiencing a sharp and unexpected down turn in performance on
DR Network Maintenance 04/08/21 »
We have received notification from the upstream provider at our DR facility (i.e
Half price promotion for new managed services »
To celebrate what will hopefully be a more positive year, we have launched a new
READ MORE
Knowledgebase Articles
READ MORE