Nytro Posted May 9, 2020 Report Posted May 9, 2020 Disclosure Note CVE-2019-0717: Hyper-V vmswitch.sys Out of Bounds Read DoS Vulnerability I found this bug in 2018 with a custom fuzzer that I wrote as part of the initial reconnaissance of Microsoft Hyper-V architecture and attack vectors. This is a Tier 1 [host OS kernel] vulnerability per the Microsoft's taxonomy, that qualifies for a $50K bounty via the Microsoft Azure Bounty Program. Credits Vulnerability discovery and analysis, Proof-of-concept: Alisa Esage [0days.engineer] Sura: https://github.com/badd1e/Disclosures/tree/master/CVE-2019-0717_Hyper-V Quote
