Update on CVE-2015-3456, aka the VENOM Security Vulnerability

Posted: May 12, 2015

Earlier today, CVE-2015-3456, a security vulnerability also known as VENOM, was publicly announced. This bug in KVM/QEMU, our virtualization environment, could potentially be exploited through a VM’s virtual floppy driver, as described in detail here and here. DigitalOcean has conducted a thorough audit of our platform and taken steps to mitigate the issue.

On hypervisors running the latest version of our cloud, the QEMU process is confined by a mandatory access control profile which would prevent a would-be attacker from accessing the host system or other Droplets. We are rolling out updates across all of our infrastructure to ensure the latest QEMU security patches are applied on each server. In addition, we have implemented a number of other security and monitoring features in order to provide early warning of attempts to exploit similar vulnerabilities.
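
One way to verify the confinement described above on a Linux KVM host, as an added example that is not DigitalOcean's code: it reads each process's LSM label from `/proc/<pid>/attr/current` and lists QEMU processes that are not under an enforcing profile. The post does not name the access control system, so both AppArmor and SELinux label formats are assumed, as are the process names and the constructed sample labels.

```python
import os
import re

# AppArmor: "<profile> (<mode>)" or "unconfined". SELinux: "user:role:type:level".
APPARMOR_RE = re.compile(r"^(?P<profile>\S.*) \((?P<mode>\w+)\)$")

def classify_label(label):
    """Return (confined, detail) for the text of /proc/<pid>/attr/current."""
    label = label.strip("\x00 \n")
    if not label or label == "unconfined":
        return False, "no profile attached"
    if m := APPARMOR_RE.match(label):
        # Only enforce mode blocks access; complain mode merely logs.
        return m["mode"] == "enforce", f"apparmor {m['profile']} ({m['mode']})"
    parts = label.split(":", 3)
    if len(parts) == 4:  # SELinux context; permissive mode is not visible here
        return not parts[2].startswith("unconfined"), f"selinux {parts[2]} {parts[3]}"
    return False, f"unrecognised label {label!r}"

def unconfined_qemu(procs):
    """From (pid, comm, label) tuples, return QEMU processes lacking enforcement."""
    findings = []
    for pid, comm, label in procs:
        if comm.startswith("qemu") or comm == "kvm":  # assumed process names
            confined, detail = classify_label(label)
            if not confined:
                findings.append((pid, comm, detail))
    return findings

def live_processes(proc_root="/proc"):
    """Yield (pid, comm, label) for each process on a running Linux host."""
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        try:
            with open(f"{proc_root}/{pid}/comm") as c, \
                 open(f"{proc_root}/{pid}/attr/current") as a:
                yield int(pid), c.read().strip(), a.read()
        except OSError:
            continue  # process exited, or no LSM exposes a label

# Constructed sample labels, not taken from any real host.
SAMPLE = [
    (2101, "qemu-system-x86", "libvirt-0f3c9a1e-constructed (enforce)\n"),
    (2102, "qemu-system-x86", "libvirt-7b2d4c55-constructed (complain)\n"),
    (2103, "qemu-kvm", "system_u:system_r:svirt_t:s0:c12,c845\x00"),
    (2104, "qemu-kvm", "unconfined\n"),
]

if __name__ == "__main__":
    for pid, comm, detail in unconfined_qemu(SAMPLE):  # or live_processes()
        print(f"pid {pid} ({comm}): {detail}")
```

On a real hypervisor, pass `live_processes()` instead of `SAMPLE`; an empty result means every QEMU process found carries an enforcing label.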

In order to complete the process of applying the security patches, a small number of our hypervisors will require a reboot. Our team is currently working to schedule this in the least disruptive manner possible. We will keep you posted on our progress.

If you have any additional questions, please reach out to our support team:

https://cloud.digitalocean.com/support
