Update on CVE-2015-3456, aka the VENOM Security Vulnerability

Posted: May 12, 2015 (1 min read)

    Earlier today, CVE-2015-3456, a security vulnerability also known as VENOM, was publicly announced. This bug in KVM/QEMU, our virtualization environment, could potentially be exploited through a VM’s virtual floppy driver, as described in detail here and here. DigitalOcean has conducted a thorough audit of our platform and taken steps to mitigate the issue.

    On hypervisors running the latest version of our cloud, the QEMU process is confined by a mandatory access control profile which would prevent a would-be attacker from accessing the host system or other Droplets. We are rolling out updates across all of our infrastructure to ensure the latest QEMU security patches are applied on each server. In addition, we have implemented a number of other security and monitoring features in order to provide early warning of attempts to exploit similar vulnerabilities.
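
One way to audit the confinement described above on a Linux hypervisor, as an added example that is not DigitalOcean's code. It assumes the mandatory access control system is AppArmor or SELinux (the post does not name one) and that QEMU process names start with `qemu`; the function names are hypothetical.

```python
import os

def classify_label(label):
    """Map the text of /proc/<pid>/attr/current to a confinement state."""
    label = label.strip("\x00 \n")
    if not label or label == "unconfined":
        return "unconfined"                  # AppArmor: no profile attached
    if label.endswith(")") and " (" in label:
        # AppArmor: "<profile> (<mode>)", e.g. "libvirt-<uuid> (enforce)"
        mode = label[label.rindex("(") + 1:-1]
        return "confined" if mode in ("enforce", "kill") else "not-enforcing"
    fields = label.split(":")
    if len(fields) >= 3:
        # SELinux: user:role:type[:level]; only the unconfined_t domain is
        # flagged here, and global permissive mode is not visible in the label.
        return "unconfined" if fields[2] == "unconfined_t" else "confined"
    return "unknown"

def audit_qemu(proc_root="/proc"):
    """Return (pid, comm, state) for every process whose name starts with 'qemu'."""
    findings = []
    for pid in sorted(filter(str.isdigit, os.listdir(proc_root)), key=int):
        base = os.path.join(proc_root, pid)
        try:
            with open(os.path.join(base, "comm")) as f:
                comm = f.read().strip()
        except OSError:
            continue                         # process exited while scanning
        if not comm.startswith("qemu"):      # assumption: qemu-kvm, qemu-system-*
            continue
        try:
            with open(os.path.join(base, "attr", "current")) as f:
                state = classify_label(f.read())
        except OSError:
            state = "unknown"                # no LSM active, or access denied
        findings.append((int(pid), comm, state))
    return findings

if __name__ == "__main__":
    for pid, comm, state in audit_qemu():
        flag = "" if state == "confined" else "  <-- review"
        print(f"{pid:>7} {comm:<16} {state}{flag}")
```

Any QEMU process reported as anything other than `confined` is running without the containment layer the paragraph relies on and should be reviewed.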

    In order to complete the process of applying the security patches, a small number of our hypervisors will require a reboot. Our team is currently working to schedule this in the least disruptive manner possible. We will keep you posted on our progress.

    If you have any additional questions, please reach out to our support team:

    https://cloud.digitalocean.com/support
