Last week, Paolo Bonzini of Red Hat announced qboot, a new x86 firmware option for QEMU. qboot is a minimal x86 firmware that runs on QEMU and, together with a slimmed-down QEMU configuration, boots a virtual machine in 40 milliseconds on an Ivy Bridge Core i7 processor. The code is 8KB in size.
As reported by Robert Hackett at Fortune, Crowdstrike has research on a new vulnerability that impacts virtualization. Venom stands for “virtualized environment neglected operations manipulation”. It impacts QEMU, Xen, KVM, and VirtualBox, among others.
(It must be a big deal, as it already has an icon. I think Heartbleed took longer for it’s icon.)