VM Breakout
The running belief with virtualization is that virtual machines are completely sandboxed from their host machine. This exploit breaks that assumption: the isolation is only as strong as the hypervisor's device emulation. Following proper disclosure processes, the bug was reported to VMware prior to the conference and a patch has since been released. That doesn't help people who forget to patch, or simply don't patch, their systems.
Discovered by Kostya Kortchinsky, the bug is in how the emulated display driver turns guest-supplied screen positions into memory addresses for its reads and writes. The functions that would normally be used for drawing to the screen can instead be used to read and write sections of host memory that should be invisible to the virtual machine. It boils down to a developer forgetting to put a bounds check on the range that the function accepts: pass in a negative value and, depending on the function, it begins reading from or writing to that "invisible" memory outside the framebuffer. This has huge implications for the enterprise market, where virtualization is prevalent. All an attacker would need to do is gain access to an insecure virtual machine, use the exploit to run code on the host, elevate themselves to root on the host machine, and in turn control every virtual machine running on it. The slides for the presentation can be found here and the whitepaper detailing the exploit here.
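To make the bug class concrete, here is a small model of the missing check, written for this post as an added example; it is not VMware's code, not Kortchinsky's, and does not reproduce the real display-driver interface. The layout (a host-private region followed by a guest-visible 16x8 framebuffer), the pixel functions and their names are all constructed for illustration. The vulnerable pair checks only the upper bound of each coordinate, so a negative x or y passes the check and indexes memory before the framebuffer; the hardened pair rejects negatives before they become an index.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define FB_W 16                      /* framebuffer width in pixels (assumed) */
#define FB_H 8                       /* framebuffer height in pixels (assumed) */
#define FB_SIZE (FB_W * FB_H)
#define PRIVATE_SIZE 64              /* host-private bytes placed just before the framebuffer */

/* Flat model of hypervisor memory: host-private data the guest must never
 * touch, immediately followed by the framebuffer the guest may draw in.
 * This layout is a constructed assumption for the demo. */
static uint8_t host_mem[PRIVATE_SIZE + FB_SIZE];
#define FRAMEBUFFER (host_mem + PRIVATE_SIZE)

/* Fill the private region with a recognisable pattern and clear the framebuffer. */
void init_host_mem(void) {
    for (size_t i = 0; i < PRIVATE_SIZE; i++) host_mem[i] = (uint8_t)(0xC0 + i);
    memset(FRAMEBUFFER, 0, FB_SIZE);
}

/* Byte offset of pixel (x, y) relative to the start of the framebuffer.
 * Coordinates are signed because that is how the guest hands them over. */
static long pixel_offset(int32_t x, int32_t y) {
    return (long)y * FB_W + x;
}

/* VULNERABLE: only the upper bounds are checked. A negative x or y passes
 * and the resulting negative offset walks backwards into host-private memory.
 * (In this toy, offsets below -PRIVATE_SIZE would leave host_mem entirely;
 * in a real hypervisor they would land in arbitrary host memory.) */
int vuln_read_pixel(int32_t x, int32_t y) {
    if (x >= FB_W || y >= FB_H) return -1;
    return FRAMEBUFFER[pixel_offset(x, y)];      /* byte value, 0..255 */
}

int vuln_write_pixel(int32_t x, int32_t y, uint8_t v) {
    if (x >= FB_W || y >= FB_H) return -1;
    FRAMEBUFFER[pixel_offset(x, y)] = v;
    return 0;
}

/* HARDENED: reject negative coordinates before they are ever used as an index. */
int safe_read_pixel(int32_t x, int32_t y) {
    if (x < 0 || y < 0 || x >= FB_W || y >= FB_H) return -1;
    return FRAMEBUFFER[pixel_offset(x, y)];
}

int safe_write_pixel(int32_t x, int32_t y, uint8_t v) {
    if (x < 0 || y < 0 || x >= FB_W || y >= FB_H) return -1;
    FRAMEBUFFER[pixel_offset(x, y)] = v;
    return 0;
}

/* Guest-side view of the read primitive: dump the whole private region by
 * asking for rows -4..-1 (4 rows * 16 columns = PRIVATE_SIZE bytes).
 * Returns how many dumped bytes matched host-private memory. */
int leak_demo(void) {
    init_host_mem();
    int matched = 0;
    for (int32_t y = -(PRIVATE_SIZE / FB_W); y < 0; y++) {
        for (int32_t x = 0; x < FB_W; x++) {
            int v = vuln_read_pixel(x, y);
            long idx = PRIVATE_SIZE + pixel_offset(x, y);   /* index into host_mem */
            if (v >= 0 && v == host_mem[idx]) matched++;
        }
    }
    return matched;
}

/* Guest-side view of the write primitive: pixel (-1, 0) is the last byte of
 * the private region. Returns that byte after the write. */
int corrupt_demo(void) {
    init_host_mem();
    vuln_write_pixel(-1, 0, 0x41);
    return host_mem[PRIVATE_SIZE - 1];
}

int main(void) {
    printf("host-private bytes read via negative coordinates: %d of %d\n",
           leak_demo(), PRIVATE_SIZE);
    printf("byte before the framebuffer after write at (-1,0): 0x%02x\n",
           corrupt_demo());
    printf("hardened read at (0,-4) returns %d (rejected)\n", safe_read_pixel(0, -4));
    return 0;
}
```

The important detail is that the upper-bound check looks reasonable on its own; the defect is the missing lower bound on a signed quantity. An equivalent fix is to take the coordinates as unsigned so that a guest-supplied negative becomes a huge positive and fails the existing upper-bound check, but the explicit `x < 0 || y < 0` test is easier to audit.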
I liked it. So much useful material. I read with great interest.
Very much enjoyed this! Well done!