Configuration 1
     OR
          *cpe:2.3:a:qemu:qemu:2.3.0:*:*:*:*:*:*:* (and previous)
Configuration 2
     OR
          *cpe:2.3:a:xen:xen:4.5.0:*:*:*:*:*:*:*
          *cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
          *cpe:2.3:o:redhat:enterprise_linux:6:*:*:*:*:*:*:*
          *cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
          *cpe:2.3:a:redhat:enterprise_virtualization:3.0:*:*:*:*:*:*:*
          *cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*
          *cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*
          *cpe:2.3:a:redhat:openstack:6.0:*:*:*:*:*:*:*
          *cpe:2.3:a:redhat:openstack:7.0:*:*:*:*:*:*:*

(AV:A/AC:L/Au:S/C:C/I:C/A:C)

CWE-119

Though the VENOM vulnerability is also agnostic of the guest operating system, an attacker (or an attacker’s malware) would need to have administrative or root privileges in the guest operating system in order to exploit VENOM