wave
rectangle square backgroundrectangle square backgroundrectangle square backgroundrectangle square backgroundrectangle square backgroundrectangle square backgroundEngineering

Update on CVE-2015-3456, aka the VENOM Security Vulnerability

Posted: May 12, 20151 min read

Earlier today, CVE-2015-3456, a security vulnerability also known as VENOM was publicly announced. This bug in KVM/QEMU, our virtualization environment, could potentially exploit a VM's virtual floppy driver as described in detail here and here. DigitalOcean has conducted a thorough audit of our platform and taken steps to mitigate the issue.

On hypervisors running the latest version of our cloud, the QEMU process is confined by a mandatory access control profile which would prevent a would-be attacker from accessing the host system or other Droplets. We are rolling out updates across all of our infrastructure to ensure the latest QEMU security patches are applied on each server. In addition, we have implemented a number of other security and monitoring features in order to provide early warning of attempts to exploit similar vulnerabilities.

In order to complete the process of applying the security patches, a small number of our hypervisors will require a reboot. Our team is currently working to schedule this in the least disruptive manner possible. We will keep you posted on our progress.

If you have any additional questions, please reach out to our support team:

https://cloud.digitalocean.com/support

Share

TwitterFacebookLinkedInHackerNews

Optimize your streaming business

Download our guide to learn how streaming businesses can optimize their architecture to save costs.

Download now

Related Articles

Creating a Simple Contacts List with Laravel and PostgreSQL
engineering

Creating a Simple Contacts List with Laravel and PostgreSQL

November 29, 20193 min read

Creating a Simple Contacts List with Go and PostgreSQL
engineering

Creating a Simple Contacts List with Go and PostgreSQL

November 29, 20193 min read

Prepped for Portland and OSCON 2018
engineering

Prepped for Portland and OSCON 2018

October 28, 20193 min read

Sea floor left
Sea floor middle
Sea floor right