VENOM

This article is about the computer security flaw. For other uses, see Venom (disambiguation).

VENOM (short for Virtualized Environment Neglected Operations Manipulation^[1]) is a computer security flaw that was discovered in 2015 by Jason Geffner, then a security researcher at CrowdStrike.^[2] The flaw was introduced in 2004 and affected versions of QEMU, Xen, KVM, and VirtualBox from that date until it was patched following disclosure.^[3][4]

The existence of the vulnerability was due to a flaw in QEMU's virtual floppy disk controller.^[5]

VENOM is registered in the Common Vulnerabilities and Exposures database as CVE-2015-3456.^[6]