VENOM, CVE-2015-3456, is a security vulnerability in the virtual floppy drive code used by many computer virtualization platforms.
This vulnerability may allow an attacker to escape from a virtual machine guest and potentially obtain code-execution access to the host.
Absent mitigation, this VM escape could open access to the host system and all other VMs running on that host, potentially giving adversaries significant elevated access to the host’s local network and adjacent systems.
This issue affects all x86 and x86-64 based HVM Xen and QEMU/KVM guests.