To install click the Add extension button. That's it.

The source code for the WIKI 2 extension is being checked by specialists of the Mozilla Foundation, Google, and Apple. You could also do it yourself at any point in time.

How to transfigure the Wikipedia

Would you like Wikipedia to always look as professional and up-to-date? We have created a browser extension. It will enhance any encyclopedic page you visit with the magic of the WIKI 2 technology.

Try it — you can delete it anytime.

Install in 5 seconds
4,5
Kelly Slayton
Congratulations on this excellent venture… what a great idea!
Alexander Grigorievskiy
I use WIKI 2 every day and almost forgot how the original Wikipedia looks like.
Live Statistics
English Articles
Improved in 24 Hours
Added in 24 Hours
Languages
Recent
Show all languages
What we do. Every page goes through several hundred of perfecting techniques; in live mode. Quite the same Wikipedia. Just better.
Great Wikipedia has got greater.
.
Leo
Newton
Brights
Milds

Virtual machine escape

From Wikipedia, the free encyclopedia

In computer security, virtual machine escape is the process of a program breaking out of the virtual machine on which it is running and interacting with the host operating system.[1] A virtual machine is a "completely isolated guest operating system installation within a normal host operating system".[2] In 2008, a vulnerability (CVE-2008-0923) in VMware discovered by Core Security Technologies made VM escape possible on VMware Workstation 6.0.2 and 5.5.4.[3][4] A fully working exploit labeled Cloudburst was developed by Immunity Inc. for Immunity CANVAS (commercial penetration testing tool).[5] Cloudburst was presented in Black Hat USA 2009.[6]

YouTube Encyclopedic

  • 1/3
    Views:
    27 255
    12 902
    77 508
  • Demonstrating a VMware Guest-to-Host Escape
  • Pwn2Own 2020 - Guest-to-Host Escape on Oracle VirtualBox
  • How to guarantee a safe environment for testing malware in VirtualBox

Transcription

Previous known vulnerabilities

  • CVE-2007-4993 Xen pygrub: Command injection in grub.conf file.
  • CVE-2007-1744 Directory traversal vulnerability in shared folders feature for VMware
  • CVE-2008-0923 Directory traversal vulnerability in shared folders feature for VMware
  • CVE-2008-1943 Xen Para Virtualized Frame Buffer backend buffer overflow.
  • CVE-2009-1244 Cloudburst: VM display function in VMware
  • CVE-2011-1751 QEMU-KVM: PIIX4 emulation does not check if a device is hotpluggable before unplugging[7]
  • CVE-2012-0217 The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier
  • CVE-2014-0983 Oracle VirtualBox 3D acceleration multiple memory corruption
  • CVE-2015-3456 VENOM: buffer-overflow in QEMU's virtual floppy disk controller
  • CVE-2015-7504 QEMU-KVM: Heap overflow in pcnet_receive function.[8]
  • CVE-2015-7835 Xen Hypervisor: Uncontrolled creation of large page mappings by PV guests
  • CVE-2016-6258 Xen Hypervisor: The PV pagetable code has fast-paths for making updates to pre-existing pagetable entries, to skip expensive re-validation in safe cases (e.g. clearing only Access/Dirty bits). The bits considered safe were too broad, and not actually safe.
  • CVE-2016-7092 Xen Hypervisor: Disallow L3 recursive pagetable for 32-bit PV guests
  • CVE-2017-5715, 2017-5753, 2017-5754: The Spectre and Meltdown hardware vulnerabilities, a cache side-channel attack on CPU level (Rogue Data Cache Load (RDCL)), allow a rogue process to read all memory of a computer, even outside the memory assigned to a virtual machine
  • CVE-2017-0075 Hyper-V Remote Code Execution Vulnerability
  • CVE-2017-0109 Hyper-V Remote Code Execution Vulnerability
  • CVE-2017-4903 VMware ESXi, Workstation, Fusion: SVGA driver contains buffer overflow that may allow guests to execute code on hosts[9]
  • CVE-2017-4934 VMware Workstation, Fusion: Heap buffer-overflow vulnerability in VMNAT device that may allow a guest to execute code on the host[10]
  • CVE-2017-4936 VMware Workstation, Horizon View : Multiple out-of-bounds read issues via Cortado ThinPrint may allow a guest to execute code or perform a Denial of Service on the Windows OS[10]
  • CVE-2018-2698 Oracle VirtualBox: shared memory interface by the VGA allows read and writes on the host OS[11]
  • CVE-2018-6981 VMware ESXi, Workstation, Fusion: Uninitialized stack memory usage in the vmxnet3 virtual network adapter.[12]
  • CVE-2018-12126, CVE-2018-12130, CVE-2018-12127, CVE-2019-11091: "Microarchitectural Data Sampling" (MDS) attacks: Similar to above Spectre and Meltdown attacks, this cache side-channel attack on CPU level allows to read data across VMs and even data of the host system. Sub types: Microarchitectural Store Buffer Data Sampling (MSBDS), Microarchitectural Fill Buffer Data Sampling (MFBDS) = Zombieload, Microarchitectural Load Port Data Sampling (MLPDS), and Microarchitectural Data Sampling Uncacheable Memory (MDSUM)
  • CVE-2019-0719, CVE-2019-0721, CVE-2019-1389, CVE-2019-1397, CVE-2019-1398 Windows Hyper-V Remote Code Execution Vulnerability
  • CVE-2019-18420, CVE-2019-18421, CVE-2019-18422, CVE-2019-18423, CVE-2019-18424, CVE-2019-18425: Xen Hypervisor and Citrix Hypervisor: Allows guest virtual machines to compromise the host system (denial of service and rights escalation) [13]
  • CVE-2019-5183 (critical), CVE-2019-5124, CVE-2019-5146, CVE-2019-5147: Windows 10 and VMWare Workstation using AMD Radeon graphics cards using Adrenalin driver: attacker in guest system can use pixel shader to cause memory error on the host system, injecting malicious code to the host system and execute it.[14]
  • CVE-2018-12130, CVE-2019-11135, CVE-2020-0548: ZombieLoad, ZombieLoad v2, Vector Register Sampling (VRS), Microarchitectural Data Sampling (MDS), Transactional Asynchronous Abort (TAA), CacheOut, L1D Eviction Sampling (L1DES): L1 cache side attacks on CPU level allow virtual machines to read memory outside of their sandbox[15]
  • CVE-2020-3962, CVE-2020-3963, CVE-2020-3964, CVE-2020-3965, CVE-2020-3966, CVE-2020-3967, CVE-2020-3968, CVE-2020-3969, CVE-2020-3970, CVE-2020-3971: VMware ESXi, Workstation Pro / Player, Fusion Pro, Cloud Foundation: Vulnerabilities in SVGA, graphics shader, USB driver, xHCI/EHCI, PVNVRAM, and vmxnet3 can cause virtual machine escape[16]

See also

References

  1. ^ "What is VM Escape? - The Lone Sysadmin". 22 September 2007.
  2. ^ "Virtual Machines: Virtualization vs. Emulation". Archived from the original on 2014-07-15. Retrieved 2011-03-11.
  3. ^ "Path Traversal vulnerability in VMware's shared folders implementation". 18 May 2016.
  4. ^ Dignan, Larry. "Researcher: Critical vulnerability found in VMware's desktop apps - ZDNet". ZDNet.
  5. ^ "Security Monitoring News, Analysis, Discussion, & Community". Dark Reading. Archived from the original on 2011-07-19. Retrieved 2011-10-23.
  6. ^ "Black Hat ® Technical Security Conference: USA 2009 // Briefings". www.blackhat.com.
  7. ^ "DEFCON 19: Virtunoid: Breaking out of KVM" (PDF). Nelson Elhage.
  8. ^ "VM escape - QEMU Case Study". Mehdi Talbi & Paul Fariello.
  9. ^ "VMSA-2017-0006". VMware.
  10. ^ a b "VMSA-2017-0018.1". VMware.
  11. ^ "CVE-2018-2698". exploit-db.com: Oracle VirtualBox < 5.1.30 / < 5.2-rc1 - Guest to Host Escape. 24 January 2018.
  12. ^ "Chaos Communication Congress 2019: The Great Escape of ESXi". media.ccc.de. 28 December 2019.
  13. ^ "CVE-2019-18420 to 18425". Patches beheben Schwachstellen in Xen und Citrix Hypervisor.
  14. ^ "CVE-2019-0964 (critical), CVE-2019-5124, CVE-2019-5146, CVE-2019-5147". Sicherheitsupdate: AMD-Treiber und VMware.
  15. ^ Mantle, Mark (2020-01-28). "Sicherheitslücken in Intel-CPUs: Modifizierte Angriffe erfordern BIOS-Updates". Heise (in German). Retrieved 2024-01-10.
  16. ^ "CVE-2020-3962, CVE-2020-3963, CVE-2020-3964, CVE-2020-3965, CVE-2020-3966, CVE-2020-3967, CVE-2020-3968, CVE-2020-3969, CVE-2020-3970, CVE-2020-3971". VMWare Advisory VMSA-2020-0015.1.

External links

This page was last edited on 10 January 2024, at 12:42
Basis of this page is in Wikipedia. Text is available under the CC BY-SA 3.0 Unported License. Non-text media are available under their specified licenses. Wikipedia® is a registered trademark of the Wikimedia Foundation, Inc. WIKI 2 is an independent company and has no affiliation with Wikimedia Foundation.
Contact WIKI 2
Introduction
Terms of Service
Privacy Policy