How to tell if your guest VM is vulnerable to Venom

When I first heard about the virtual floppy bug called Venom I wondered if all Xen guests were affected. I quickly discovered that paravirtualized X86 guests are NOT affected. I was pretty sure the Linux guests running on our Exalogic were paravirtualized so I didn’t worry about it. Over the weekend I noticed more publicity about Venom and I decided I should make sure. I don’t have access to Dom0 so I needed to see the virtualization mode from within the guest OS. After a little research I found that if you are using the PVHVM drivers (xen-blkfront for disk, and xen-netfront for network)  you are paravirtualized on Xen. I checked lsmod and verified my initial assumption was correct.

> lsmod | grep -i xen
xen_netfront 16420 0
xen_blkfront 13602 7

References:

http://venom.crowdstrike.com/

http://arstechnica.com/security/2015/05/extremely-serious-virtual-machine-bug-threatens-cloud-providers-everywhere/

http://wiki.xen.org/wiki/Xen_Linux_PV_on_HVM_drivers

https://ervikrant06.wordpress.com/2014/10/17/how-to-determine-the-type-of-vm-from-inside-the-vm-in-ovm-x86/

Advertisements

2 thoughts on “How to tell if your guest VM is vulnerable to Venom

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s