Virtual machine escape

Updated on Dec 16, 2023

Edit

Comment

In computer security, virtual machine escape is the process of breaking out of a virtual machine and interacting with the host operating system. A virtual machine is a "completely isolated guest operating system installation within a normal host operating system". In 2008, a vulnerability (CVE-2008-0923) in VMware discovered by Core Security Technologies made VM escape possible on VMWare Workstation 6.0.2 and 5.5.4. A fully working exploit labeled Cloudburst was developed by Immunity Inc. for Immunity CANVAS (commercial penetration testing tool). Cloudburst was presented in Black Hat USA 2009.

Previous known vulnerabilities

CVE-2007-1744 Directory traversal vulnerability in shared folders feature for VMware

CVE-2008-0923 Directory traversal vulnerability in shared folders feature for VMware

CVE-2009-1244 Cloudburst: VM display function in VMware

CVE-2012-0217 The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier

CVE-2014-0983 Oracle VirtualBox 3D acceleration multiple memory corruption

CVE-2015-3456 VENOM: buffer-overflow in QEMU's virtual floppy disk controller

CVE-2015-7835 Xen Hypervisor: Uncontrolled creation of large page mappings by PV guests

CVE-2016-6258 Xen Hypervisor: The PV pagetable code has fast-paths for making updates to pre-existing pagetable entries, to skip expensive re-validation in safe cases (e.g. clearing only Access/Dirty bits). The bits considered safe were too broad, and not actually safe.

CVE-2016-7092 Xen Hypervisor: Disallow L3 recursive pagetable for 32-bit PV guests

CVE-2017-0075 Hyper-V Remote Code Execution Vulnerability

CVE-2017-0109 Hyper-V Remote Code Execution Vulnerability

CVE-2017-4903 VMWare ESXi, Workstation, Fusion: SVGA driver contains buffer overflow that may allow guests to execute code on hosts

References

Virtual machine escape Wikipedia

(Text) CC BY-SA