[Openstack-operators] Venom vulnerability

Tristan Cacqueray tdecacqu at redhat.com
Thu Jun 4 18:39:10 UTC 2015

On 06/04/2015 08:50 AM, Fox, Kevin M wrote:
> I'm not aware of any check that actually tests the vulnerability. Just checks package versions.


On the compute host you can check the process age using  "ps aux". The
START column for every qemu-system-* process should be more recent than
the date you updated. At least, any process older than May 13th still
has the bug.

Also, using PID, you can make sure /proc/$pid/exe is pointing to the new
binary and not a "(deleted)" one.

Within a guest, the condition of exploitation may vary from system to
system. A reproducer has been published here:

Though it requires fast timing, here is an updated version to prod the
other vulnerable floppy command:

#include <sys/io.h>
int main() {
    int i;
    for (i=0;i<10000000;i++)
gcc -O2 venom.c && sudo ./a.out

This should crash an ubuntu-14.04 instance if qemu is still vulnerable.
However it's not 100% guaranteed and you better make sure qemu-kvm is
up-to-date and no old qemu instance are running.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20150604/b58b8cf6/attachment.pgp>

More information about the OpenStack-operators mailing list