awesome vmware escape exploit

Sharing some useful archives about VM and QEMU escape exploits. I want to collect what I can find. Issues are also welcome.

In computer security, virtual machine escape is the process of breaking out of a virtual machine and interacting with the host operating system.

VMware && ESXi
- Writeup and Exploit
- VMware Escape Exploit - CVE-2017-4901
- A-bunch-of-Red-Pills-VMware-Escapes
- eu-17-Mandal-The-Great-Escapes-Of-Vmware-A-Retrospective-Case-Study-Of-Vmware-G2H-Escape-Vulnerabilities
- Vmware-exploit GitHub repository

VirtualBox
- Basic VirtualBox technical background
- VirtualBox E1000 Guest-to-Host Escape
- Oracle VirtualBox < 5.1.30 / < 5.2-rc1 - Guest to Host Escape
- VirtualBox 5.2.6.r120293 - VM Escape
- Escaping VirtualBox 6.1

QEMU
- VM escape - QEMU Case Study
- Qemu - Escape - analysis - CVE-2015-7504 and CVE-2015-7512
- Some QEMU escape exploits

Docker
- Basic
- eu-15-Bettini-Vulnerability-Exploitation-In-Docker-Container-Environments
- CSW2016-Docker-Escape-Techonology
- escaping-docker-container-using-waitid-cve-2017-5123

Hyper-V
- awesome-hyper-v-exploitation

Misc
- Google group vmkernelnewbies (has some good basic intro)

Xen
- D2T2-Shangcong-Luan-Xen-Hypervisor-VM-Escape
- vmware exploitation (list)
-
On August 24, QEMU released a security patch to fix a VM escape vulnerability (CVE-2020-14364), which is the result of an out-of-bounds read/write access issue in the USB emulator in QEMU. This vulnerability resides in ./hw/usb/core.c. When the program handles USB packets from a guest, the vulnerability is triggered if the USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in and do_token_out routines. An attacker could exploit this vulnerability to cause an out-of-bounds read of the 0xffffffff contents following the heap, forcibly terminating the VM process and achieving VM escape.

An attacker with access to a VM operating system in a cloud environment could exploit this vulnerability to gain host privileges and target all tenant hosts within the resource pool that holds the VM. Worse still, with the intranet privileges thus gained, the attacker could attack systems within the management domain.

QEMU (short for Quick Emulator) is a processor emulator written by Fabrice Bellard and others and distributed as GPL-licensed source code. It is an underlying commercial component used by numerous cloud vendors. This vulnerability affects most cloud vendors that use OpenStack. Users are advised to take precautionary measures as soon as possible to fix this vulnerability.
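Added example (not QEMU's code and not part of the post above): a simplified C model of the control-transfer state machine the post describes, showing why an oversized 'setup_len' reaches do_token_in/do_token_out. Structure and field names loosely mirror hw/usb/core.c; the two SETUP packets are constructed, the second device state is assumed to survive a stalled SETUP, and the "fixed" variant follows the shape of the published fix (validate wLength before storing it). Instead of actually reading past data_buf, do_token_in() reports where the real copy would go out of bounds.

```c
/* Simplified model of QEMU's USB control-transfer path around
 * CVE-2020-14364. Added illustration, not QEMU source: names mirror
 * hw/usb/core.c loosely, packet contents are constructed. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DATA_BUF_SIZE 4096
#define USB_DIR_IN    0x80

enum { SETUP_STATE_IDLE, SETUP_STATE_DATA, SETUP_STATE_ACK };
enum { USB_RET_OK = 0, USB_RET_STALL = -1, USB_RET_OOB = -2 };

typedef struct {
    uint8_t setup_buf[8];            /* last SETUP packet from the guest */
    uint8_t data_buf[DATA_BUF_SIZE]; /* staging buffer for the data stage */
    int setup_state;
    int setup_len;                   /* wLength taken from the SETUP packet */
    int setup_index;                 /* bytes of the data stage moved so far */
} USBDeviceModel;

/* Vulnerable ordering: wLength is committed to the device before it is
 * checked. The request is stalled, but setup_len keeps the huge value and
 * setup_state is left as the previous transfer set it. */
static int do_token_setup_vulnerable(USBDeviceModel *s, const uint8_t setup[8])
{
    memcpy(s->setup_buf, setup, 8);
    s->setup_index = 0;
    s->setup_len = (s->setup_buf[7] << 8) | s->setup_buf[6];
    if (s->setup_len > DATA_BUF_SIZE)
        return USB_RET_STALL;
    s->setup_state = SETUP_STATE_DATA;
    return USB_RET_OK;
}

/* Fixed ordering: validate a local copy, then store it. A stalled SETUP
 * leaves setup_len at its previous, already-validated value. */
static int do_token_setup_fixed(USBDeviceModel *s, const uint8_t setup[8])
{
    int request_len;
    memcpy(s->setup_buf, setup, 8);
    s->setup_index = 0;
    request_len = (s->setup_buf[7] << 8) | s->setup_buf[6];
    if (request_len > DATA_BUF_SIZE)
        return USB_RET_STALL;
    s->setup_len = request_len;
    s->setup_state = SETUP_STATE_DATA;
    return USB_RET_OK;
}

/* Data stage, IN direction: copy (setup_len - setup_index) bytes, capped at
 * the packet size, out of data_buf. Returns bytes copied, or USB_RET_OOB
 * where the real memcpy would read past the 4096-byte buffer. */
static int do_token_in(USBDeviceModel *s, uint8_t *pkt, int pkt_len)
{
    int len;
    if (s->setup_state != SETUP_STATE_DATA || !(s->setup_buf[0] & USB_DIR_IN))
        return USB_RET_STALL;
    len = s->setup_len - s->setup_index;
    if (len > pkt_len)
        len = pkt_len;
    if (s->setup_index + len > DATA_BUF_SIZE)
        return USB_RET_OOB;            /* out-of-bounds read in the real code */
    memcpy(pkt, s->data_buf + s->setup_index, len);
    s->setup_index += len;
    return len;
}

/* Guest-side sequence: a legitimate IN request with a data stage, then one
 * with wLength = 0xffff that the device stalls, then an IN token.
 * Returns whatever the IN token returns. */
static int replay(int (*setup_fn)(USBDeviceModel *, const uint8_t *))
{
    USBDeviceModel dev;
    uint8_t pkt[8192];
    /* constructed SETUP packets: bmRequestType 0x80 (IN), wLength in bytes 6..7 */
    const uint8_t good[8] = { 0x80, 0x06, 0x00, 0x01, 0x00, 0x00, 0x12, 0x00 }; /* wLength 18 */
    const uint8_t huge[8] = { 0x80, 0x06, 0x00, 0x01, 0x00, 0x00, 0xff, 0xff }; /* wLength 65535 */
    memset(&dev, 0, sizeof dev);
    setup_fn(&dev, good);   /* state -> DATA, setup_len 18 */
    setup_fn(&dev, huge);   /* stalled in both variants; what it leaves behind differs */
    return do_token_in(&dev, pkt, (int)sizeof pkt);
}

int main(void)
{
    printf("vulnerable: %d (USB_RET_OOB is %d)\n", replay(do_token_setup_vulnerable), USB_RET_OOB);
    printf("fixed:      %d bytes copied\n", replay(do_token_setup_fixed));
    return 0;
}
```

The model keeps the post's point visible in one place: the bounds check exists in both variants, but in the vulnerable ordering it runs after the oversized length has already been stored, so a later do_token_in works from a 'setup_len' the check never approved.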