Company:
Date Published:
Author: Kunju Perath
Word count: 212
Language: English
Hacker News points: None

Summary

DigitalOcean has announced a security vulnerability, CVE-2015-3456, also known as VENOM, in its KVM/QEMU virtualization environment. The bug could potentially be exploited through a VM's virtual floppy driver, and the company identified it through a thorough audit of its platform. To mitigate the issue, DigitalOcean is rolling out updates across all infrastructure to apply the latest QEMU security patches. It has also implemented additional security features, including mandatory access control profiles for the QEMU process on hypervisors running the latest version of the cloud. A small number of hypervisors may require a reboot to complete the process, which will be done in a manner that minimizes disruption.