On May 13, 2015, an announcement was published (CVE-2015-3456) about a new security vulnerability named VENOM and stands for Virtualized Environment Neglected Operations Manipulation. The vulnerability exists in the QEMU Floppy Drive Controller, which is the virtual floppy disk code used by many computer virtualization platforms. These platforms are the backbone of most data center infrastructure.
This vulnerability may allow an attacker to escape an affected virtual machine (VM) quest and potentially access the host system including other VMs running on the system. This particular vulnerability impacts the open-source hypervisor QEMU as well as other platforms and appliances such as Xen, KVM, and Oracle's Virtualbox. Since the Venom vulnerability exists in the hypervisor's codebase, the vulnerability is agnostic of the host operating system (Linux, Windows, Mac OS, etc).
Upon learning of this new security vulnerability, we immediately began assessing the potential threat in regard to Redtail's infrastructure. After reviewing the vulnerability scope and auditing our infrastructure, it was determined that VENOM does not impact Redtail's infrastructure. The hypervisor platform utilized by Redtail is not impacted by the vulnerability.
Rest assured we take all threats of this nature seriously and we will continue to monitor ongoing updates concerning the Venom vulnerability and react accordingly should additional action be required on our end.