Pagoda Box Not Affected by VENOM
Details regarding the VENOM vulnerability and its affect on Pagoda Box apps.
The recently disclosed VENOM Vulnerability exposes a way to break out of the confines of virtual machines (VM) managed by QEMU’s virtual Floppy Disk Controller (FDC). Notable technologies affected include Xen and KVM. If able to break out of the VM, attackers could/would have access to the entire host machine.
Apps and user services on Pagoda Box are NOT susceptible to the VENOM Vulnerability.
User Services Live Within Native SmartOS Zones
All user services on Pagoda Box live inside of Native SmartOS zones, virtualization built into the SmartOS kernel. These native zones do not use QEMU to manage virtualization.