Attacking the VM Worker Process

In the past year we invested a lot of time making Hyper-V research more accessible to everyone. Our first blog post, “First Steps in Hyper-V Research”, describes the tools and setup for debugging the hypervisor and examines the interesting attack surfaces of the virtualization stack components. W...

CVE-2019-0720

A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating syste...

June 11, 2019—KB4503293 (OS Build 18362.175)

June 11, 2019—KB4503293 OS Build 18362.175 Note Follow @WindowsUpdate to find out when new content is published to the release information dashboard. Notes: This release also contains updates for Microsoft HoloLens OS Build 18362.1020 released June 11, 2019. Microsoft will release an update...

Buffer overflow

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. Supported versions that are affected are Prior to 5.2.28 and prior to 6.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox...

Microsoft Windows Hyper-V Security Bypass Vulnerability

Microsoft Windows 10 and others are a series of operating systems released by Microsoft Corporation USA.Windows Hyper-V is one of the virtualization products that supports the creation of virtual machines in Windows. A security feature bypass vulnerability exists in Microsoft Windows Hyper-V that...

Linux kernel KVM elevation of privilege vulnerability

Linux kernel is the kernel used by the operating system Linux released by the Linux Foundation in the U.S. KVM is one of the kernel-based virtual machines. A security vulnerability exists in KVM 4.10 and later versions of the Linux kernel, which stems from the program's failure to detect the CPL...

DEBIAN-CVE-2018-15468

An issue was discovered in Xen through 4.11.x. The DEBUGCTL MSR contains several debugging features, some of which virtualise cleanly, but some do not. In particular, Branch Trace Store is not virtualised by the processor, and software has to be careful to configure it suitably not to lock up the...

Kernel: hw: cpu: L1 terminal fault (L1TF)

Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of...

Kernel: hw: cpu: L1 terminal fault (L1TF)

Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of...

July 10, 2018—KB4338819 (OS Build 17134.165)

July 10, 2018—KB4338819 OS Build 17134.165 Note This release also contains updates for Microsoft HoloLens OS Build 17134.165 released July 10, 2018. Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes...

Sharing research and discoveries at PWN2OWN

The annual PWN2OWN exploit contest at the CanSecWest conference in Vancouver, British Columbia, Canada, brings together some of the top security talent from across the globe in a friendly competition. For the participants, these events are a platform to demonstrate world-class skills and vie for...

Qemu: usb: xHCI: infinite loop vulnerability in xhci_ring_fetch

The xhciringfetch function in hw/usb/hcd-xhci.c in QEMU aka Quick Emulator allows local guest OS administrators to cause a denial of service infinite loop and QEMU process crash by leveraging failure to limit the number of link Transfer Request Blocks TRB to process...

UBUNTU-CVE-2017-10918

Xen through 4.8.x does not validate memory allocations during certain P2M operations, which allows guest OS users to obtain privileged host OS access, aka XSA-222...

DEBIAN-CVE-2016-10013

Xen through 4.8.x allows local 64-bit x86 HVM guest OS users to gain privileges by leveraging mishandling of SYSCALL singlestep during emulation...

Oracle VM VirtualBox Remote Vulnerability

Oracle Virtualization Oracle VirtualBox is a virtual machine component of Oracle's virtualization solution. A security vulnerability exists in the GUI subcomponent of the Oracle VM VirtualBox component in Oracle Virtualization. An attacker could exploit this vulnerability to compromise the...

DEBIAN-CVE-2016-6836

The vmxnet3completepacket function in hw/net/vmxnet3.c in QEMU aka Quick Emulator allows local guest OS administrators to obtain sensitive host memory information by leveraging failure to initialize the txcqdescr object...

Xen Denial of Service Vulnerability (CNVD-2016-12158)

Xen is an open source virtual machine monitor product developed at the University of Cambridge, UK. The product enables different and incompatible operating systems to run on the same computer and supports runtime migration to ensure uptime and avoid downtime. Xen has a denial of service...

USN-3047-1 qemu, qemu-kvm vulnerabilities

Li Qiang discovered that QEMU incorrectly handled 53C9X Fast SCSI controller emulation. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is...

virt: guest to host DoS by triggering an infinite loop in microcode via #AC exception

It was found that the x86 ISA Instruction Set Architecture is prone to a denial of service attack inside a virtualized environment in the form of an infinite loop in the microcode due to the way sequential delivering of benign exceptions such as AC alignment check exception is handled. A privileg...

The vulnerability of Hyper-V software allows a malicious actor to trigger a service failure.

The Hyper-V component of the Windows operating system contains a vulnerability related to errors that occur when a specially crafted application is launched on a virtual machine. Exploiting this vulnerability can allow an attacker to cause a failure in the virtual machine controller...