Critical VM escape vulnerability impacts business systems, data centers
A critical vulnerability in code used by several virtualization platforms can put business information stored in data centers at risk of compromise.
The flaw, dubbed Venom but tracked as CVE-2015-3456, can allow an attacker to break out from the confines of a virtual machine (VM) and execute code on the host system.
This security boundary is critical in protecting the confidentiality of data in data centers, where virtualization is extensively used to allow different tenants to run servers on the same physical hardware.
The flaw is located in the virtual Floppy Disk Controller (FDC) code from the QEMU open source machine emulator and virtualizer. The code is also used by the Xen, KVM and other virtualization platforms.