May 22, 2015

VENOM Vulnerability

On May 13, 2015 the discovery of a buffer overflow bug, dubbed VENOM, was announced. The bug resides in the code for a low-level floppy disk controller used in the Xen, KVM, and native QEMU virtual machine platforms. The bug could enable an attacker to escape from a protected guest environment to the host operating system, and from there to potentially attack and compromise other virtual machines. More information about the vulnerability (CVE-2015-3456) is available here.

MobiControl Cloud and SOTI Services customers are not affected by this vulnerability, and no action is required on their part. Both MobiControl Cloud and the SOTI Services are hosted on Amazon Web Services, which were patched by Amazon before the public announcement.