VENOM (CVE-2015-3456) is a security vulnerability in the virtual floppy drive code (the QEMU Floppy Disk Controller emulation) used by several computer virtualization platforms. It allows an attacker to escape a virtual machine on certain open source hypervisors.
This is a very serious vulnerability because it pierces a key protection that many cloud service providers rely on to segregate one customer's data from another's.
If attackers with access to one virtualized environment can escape to the underlying host operating system, they could potentially access all virtual machines running under the same hypervisor.
A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process that corresponds to the guest.
Note that the issue is exploitable even if a guest does not explicitly have a virtual floppy disk configured and attached. The problem is in the Floppy Disk Controller, which is initialized for every x86 and x86_64 guest regardless of the configuration and cannot be removed or disabled.
At the time of this advisory there is no known exploit that makes use of this vulnerability. The sVirt and seccomp functionality used to restrict the host's QEMU process privileges and resource access might limit the impact of successful exploitation, but does not prevent it.
A possible policy-based workaround is to avoid granting untrusted users administrator privileges within guests, since triggering the flaw requires privileged (root or Administrator) access inside the guest to drive the emulated controller.
Resolution:
To eliminate the possibility of exploitation, install the updated QEMU, KVM, or Xen packages that have been made available through the advisories listed in the above table.
To install the updates, use the yum package manager as follows:
yum update
To only update the QEMU package (or the relevant package for your system) and its dependencies, use, for example:
yum update qemu-kvm
Following the update, each guest (virtual machine) must be powered off and started up again for the update to take effect. A reboot from inside the guest is not enough: the running QEMU process still executes the old code, so the process itself has to exit and be started afresh (alternatively, the guest can be live-migrated to a host that has already been updated).
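The two checks a host administrator wants after running the update above, as an added example that is not part of the advisory and is not QEMU or libvirt code: confirm that the installed qemu-kvm package's RPM changelog references CVE-2015-3456, and list the guests whose QEMU process still maps the binary that was replaced on disk (those still need to be powered off and started again). The changelog text, guest names, PIDs and package versions below are constructed samples; the live collector assumes libvirt's "-name <guest>" command-line argument and needs root to read /proc/<pid>/exe of other users' processes.

```shell
#!/bin/sh
# Added example for this advisory, not code from the advisory or from QEMU/libvirt.
# After "yum update qemu-kvm" it answers two questions on a KVM host:
#   1. Does the installed package's RPM changelog reference CVE-2015-3456?
#   2. Which guests still run a QEMU binary that was replaced on disk, and so
#      still need to be powered off and started again?
# All sample data below is constructed; versions, names and PIDs are hypothetical.

# Constructed sample of 'rpm -q --changelog qemu-kvm' output.
SAMPLE_CHANGELOG='* Wed May 13 2015 Example Packager <packager@example.com> - 1.5.3-86.el7_1.2
- fdc: force FIFO access to stay within the allocated buffer
- Resolves: CVE-2015-3456
* Mon Apr 20 2015 Example Packager <packager@example.com> - 1.5.3-86.el7_1.1
- unrelated fix'

# Constructed sample of what collect_qemu_procs (below) prints on a live host:
#   <pid> <guest name> <readlink of /proc/<pid>/exe>
# A QEMU process started before the update keeps the old, now-unlinked binary
# mapped, and the kernel reports its exe link with " (deleted)" appended.
SAMPLE_PROCS='4242 web01 /usr/libexec/qemu-kvm (deleted)
4310 db01 /usr/libexec/qemu-kvm
4488 build03 /usr/libexec/qemu-kvm (deleted)'

# Returns 0 if the changelog text in $1 references the VENOM CVE, 1 otherwise.
changelog_has_fix() {
    printf '%s\n' "$1" | grep -q 'CVE-2015-3456'
}

# Prints the guest names from the process lines in $1 whose QEMU binary has
# been replaced since the process started (one name per line).
stale_guests() {
    printf '%s\n' "$1" | awk '/\(deleted\)$/ { print $2 }'
}

# Live collector for real hosts (not run here): one line per qemu-kvm process.
# Assumes the libvirt-style "-name <guest>" argument; needs root to read
# /proc/<pid>/exe of processes owned by other users.
collect_qemu_procs() {
    for pid in $(pgrep -x qemu-kvm); do
        name=$(tr '\0' '\n' < "/proc/$pid/cmdline" \
               | awk '/^-name$/ { getline; sub(/^guest=/, ""); sub(/,.*/, ""); print; exit }')
        printf '%s %s %s\n' "$pid" "${name:-unknown}" "$(readlink "/proc/$pid/exe")"
    done
}

# Report on the constructed samples. On a real host, replace the samples with
#   changelog_has_fix "$(rpm -q --changelog qemu-kvm)"
#   stale_guests "$(collect_qemu_procs)"
if changelog_has_fix "$SAMPLE_CHANGELOG"; then
    echo "installed qemu-kvm changelog references CVE-2015-3456"
else
    echo "WARNING: no CVE-2015-3456 entry in changelog; package may still be unpatched"
fi
echo "guests still running the pre-update QEMU binary (power off and start again):"
stale_guests "$SAMPLE_PROCS"
```

The "(deleted)" marker is the reliable signal here: a guest that was merely rebooted from inside keeps the same QEMU process and therefore the same stale mapping, so it still shows up in the list until it is shut down and started again or migrated away.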