HP Security Bulletin HPSBMU03349 1 - A potential security vulnerability has been identified with HP Helion CloudSystem. The vulnerability could be exploited locally resulting in Denial of Service (DoS) or execution of arbitrary code. Notes: This is the vulnerability known as "Virtual Environment Neglected Operations Manipulation" also known as "VENOM". This vulnerability exists in the floppy disk controller driver of QEMU, an open-source virtualization technology used to provision guest Virtual Machines. This vulnerability affects all versions of QEMU and could lead to hypervisor breakout, where a user of the guest VM can gain control of the host. HP Helion CloudSystem leverages QEMU as a core part of its virtualization functionality and is therefore affected by this vulnerability. Revision 1 of this advisory. Continue reading...
