The world of “cloud computing” has been hit by another serious security vulnerability called “Venom.”

And Raleigh-based Red Hat, which has invested in cloud computing services, warns that “all” of its products that include a particular open source tool are vulnerable.

“The vulnerability was rated as having an Important impact,” Red Hat said.

Venom stands for “virtualized environment neglected operations manipulation.”

The vulnerability is more bad news for the rapidly growing cloud industry.

In a new report this week the analysis firm Research and Markets predicted the global managed security services market for cloud computing will reach nearly $30 billion by 2020 with a compound annual growth rate of almost 16 percent per year.

Global healthcare services through the cloud will hit more than $12 billion by 2020, according to IT Market research.

But in recent months, “Heartbleed” and “Bash Bug” also have caused headaches.

Like Red Hat, IBM (NYSE: IBM) has invested heavily in the cloud and has built a cloud-focused data center in RTP. IBM is banking especially hard on its “Watson” supercomputer-related health services. (IBM has yet to make a statement about Venom.)

Venom strikes

Jason Geffner, a senior security researcher at California-based CrowdStrike, broke the news about Venom on Wednesday.

Shortly thereafter, Red Hat (NYSE: RHT), acknowledged as the global leader in open source Linux software and services and a leading player in cloud computing, issued a security warning.

“All Red Hat products that include QEMU are vulnerable to this flaw,” Red Hat said.

QEMU refers to an open source tool used for cloud and virtualization, which enables servers to support multiple operating systems simultaneously.

Other firms such as Amazon issued advisories and warnings.

“Serious vulnerability”

Venom is “a security vulnerability in the virtual floppy drive code used by many computer virtualization platforms,” Geffner wrote.

“This vulnerability may allow an attacker to escape from the confines of an affected virtual machine (VM) guest and potentially obtain code-execution access to the host. Absent mitigation, this VM escape could open access to the host system and all other VMs running on that host, potentially giving adversaries significant elevated access to the host’s local network and adjacent systems.”

Cloud computing has erupted as a global tool to drive up the sharing of computer power and also help companies contain costs, since virtualization as well as cloud software enable firms to share hardware or lease time rather than having to buy their own servers.

The Venom vulnerability is serious since companies sharing machines may now expose data, Geffner said.

“Exploitation of the Venom vulnerability can expose access to corporate intellectual property (IP), in addition to sensitive and personally identifiable information (PII), potentially impacting the thousands of organizations and millions of end users that rely on affected VMs for the allocation of shared computing resources, as well as connectivity, storage, security, and privacy.”

Red Hat’s warning

In its security alert, Red Hat identified several of its more popular products as being vulnerable.

  • Red Hat Enterprise Linux 5
  • Red Hat Enterprise Linux 6
  • Red Hat Enterprise Linux 7
  • Red Hat Enterprise Virtualization 3 (RHEL 6)
  • Red Hat Enterprise Virtualization 3 (RHEL 7)
  • OpenStack Platform 4 (RHEL 6)
  • OpenStack Platform 5 (RHEL 6)
  • OpenStack Platform 5 (RHEL 7)
  • OpenStack Platform 6 (RHEL 7)

(Read more at: http://venom.crowdstrike.com/)

(The full Red Hat warning is at: https://access.redhat.com/articles/1444903)

CrowdStrike says it “provides next-generation endpoint protection, threat intelligence, 24×7 monitoring and incident response services to many of the world’s largest and most advanced companies and government agencies.”