News

Virtual drive leak allows attack on host system VMs

By admin
Spread the love

CrowdStrike has discovered a vulnerability in QEMU’s virtual floppy disk controller. This component is used by Xen and KVM, among others. The hole makes it possible to access the host system that virtual machines run on top of.

The security hole, dubbed Venom, has been discovered in the virtual floppy controller. It is used by several hypervisors, including Xen, KVM, and the native QEMU client. Hyper-V hypervisors from Microsoft, VMware and Bochs are not vulnerable.

According to CrowdStrike, QEMU’s virtualized floppy drive controller contains a bug when certain commands are sent. This creates a buffer overflow and allows malicious code to be executed in the hypervisor. As a result, an attacker could potentially attack other virtual machines or the underlying operating system.

To exploit the bug in the virtual floppy controller, an attacker or the malware used must have root rights or administrator access to the affected guest virtual system. Furthermore, all underlying host operating systems running the hypervisor are vulnerable to the Venom security hole.

The bug is said to have been present in the source code of QEMU since 2004 and can partly be exploited if the virtual floppy drive controller is disabled in the hypervisor. Many virtualization software would have received an update by now, which fixes the vulnerability.

You might also like
News

Rumor: Apple is working on its own applications based on a large language model

News

Blizzard will release certain games via Steam, starting with Overwatch 2

News

EU Council determines position on security requirements for digital products

News

Microsoft and Activision Blizzard postpone acquisition deadline until October

News

Samsung develops first GDDR7 chips, mentions bandwidths of up to 32Gbit/s per pin

News

Microsoft announces Bing Chat Enterprise and Copilot pricing for businesses