Venom Vulnerability and SiteGround Cloud and VPS Accounts


A serious security issue in one of the world’s most popular machine emulator and virtualizer QEMU, used by the most popular virtualization systems – KVM, Xen and others has been discovered. The so-called Venom attack allows an user with root access to his/her virtual machine to gain root access to the entire host node under special circumstances. An official patch of for qemu-kvm has already been released and it fixes the vulnerability.

How This Affects SiteGround Customers?

As we wrote in a blog post in January, we have switched our former VPS service to a new cloud hosting platform running on Linux containers. This platform does not use KVM or any other virtualization method, as it is based on Linux containers, which means that all SiteGround customers that launched their cloud plan after January 21st 2015, are not affected in any way by this vulnerability.

However, our VPS and Cloud accounts ordered before the launch of our new container-based service are still using the KVM-based virtualization. The good news is that in order to gain root access to a VPS node, the attacker needs root access to at least one of the virtual machines on this node. For security reasons that now pay off, we do not provide such access to our VPS and cloud users. This means that even if you are on a SiteGround KVM-based machine, we’ve still got you covered.

Nevertheless, the vulnerability exists and it has to be patched. This is why our security team have been working around the clock since the exploit has been announced. The official patch has been tested and we’re currently deploying it on all KVM-based accounts that we have. The patch requires a reboot of the virtual machine in order to be applied, which will result in approximately 2 to 3 minutes downtime per account. If your account is affected by this security reboot, you will be notified in your User Area.

Access email sent!

Sign Up For
More Awesome Content!

Subscribe to receive our monthly newsletters with the latest helpful content and offers from SiteGround.


Please check your email to confirm your subscription.

author avatar

Hristo Pandjarov

Product Innovation Director

Enthusiastic about all Open Source applications you can think of, but mostly about WordPress. Add a pinch of love for web design, new technologies, search engine optimisation and you are pretty much there!

Comments ( 5 )

author avatar

mel ausman

May 17, 2015

Why is it that you are not supporting the latest Moodle updates with your databases? Moodle 2.9 requires the database file format update from Antelope to Barracuda. After talking with your tech person they will not update and my only choice is to get a very expensive update to my account. I've been updating the databases over the years as there has been many changes. After researching this I found that Barracuda will be the standard. Your are alienating the educational establishment and teachers like me that have been using Moodle at your site for 8-10 years. I actually transferred to your site from GoDaddy. You have Moodle 2.9 in the Softaculous App.

author avatar

Hristo Pandjarov Siteground Team

May 19, 2015

We will definitelly look into this, thanks for your feedback!

author avatar


Jun 22, 2015

any update on this? I also need a hosting partner who is willing to upgrade the moodle database from antelope to barracuda. If not, siteground is not the hosting partner for us anymore and we will have to end our hosting contracts with siteground. Cannot believe this is such an issue for siteground!

author avatar

Hristo Pandjarov Siteground Team

Jun 23, 2015

The database update is only recommended but not mandatory for the latest Moodle version. This means that it can work just fine on the current setup. For further information about how to setup the application, please contact us via the Help Desk.

author avatar


Apr 14, 2017

Well it is a requirement now for Moodle 3.2+


Start discussion

Related Posts