Proof of concept code exploiting the VENOM vulnerability has surfaced. The vulnerability could lead to an attacker escaping the confines of the virtual machine and gaining access to the host, and in turn, all of the other virtual instances running on that server. Experts caution that users shouldn’t buy into all the hyperbole about the vulnerability, especially comparisons to Heartbleed and other Internet-wide bugs. The bug was found by researchers at CrowdStrike and lives in the virtual floppy disk controller of QEMU, an open-source virtualization package.
Source: https://threatpost.com/several-factors-mitigate-venoms-utility-for-attackers/112841/