Method of compromising a host OS through the VM

In computer security, virtual machine escape is the process of a program breaking out of the virtual machine on which it is running and interacting with the host operating system. A virtual machine is a "completely isolated guest operating system installation within a normal host operating system". In 2008, a vulnerability (CVE-2008-0923) in VMware discovered by Core Security Technologies made VM escape possible on VMware Workstation 6.0.2 and 5.5.4. A fully working exploit labeled Cloudburst was developed by Immunity Inc. for Immunity CANVAS (commercial penetration testing tool). Cloudburst was presented in Black Hat USA 2009.

- CVE-2018-12130, CVE-2019-11135, CVE-2020-0548: ZombieLoad, ZombieLoad v2, Vector Register Sampling (VRS), Microarchitectural Data Sampling (MDS), Transactional Asynchronous Abort (TAA), CacheOut, L1D Eviction Sampling (L1DES): L1 cache side attacks on CPU level allow virtual machines to read memory outside of their sandbox.
- CVE-2019-5183 (critical), CVE-2019-5124, CVE-2019-5146, CVE-2019-5147: Windows 10 and VMware Workstation using AMD Radeon graphics cards with the Adrenalin driver: an attacker in the guest system can use a pixel shader to cause a memory error on the host system, injecting malicious code into the host system and executing it.
- CVE-2018-12126, CVE-2018-12130, CVE-2018-12127, CVE-2019-11091: "Microarchitectural Data Sampling" (MDS) attacks: Similar to the Spectre and Meltdown attacks, this cache side-channel attack on CPU level allows reading data across VMs and even data of the host system. Sub types: Microarchitectural Store Buffer Data Sampling (MSBDS), Microarchitectural Fill Buffer Data Sampling (MFBDS) = Zombieload, Microarchitectural Load Port Data Sampling (MLPDS), and Microarchitectural Data Sampling Uncacheable Memory (MDSUM).
- CVE-2018-6981 VMware ESXi, Workstation, Fusion: Uninitialized stack memory usage in the vmxnet3 virtual network adapter.
- CVE-2018-2698 Oracle VirtualBox: shared memory interface by the VGA allows reads and writes on the host OS.
- CVE-2017-4936 VMware Workstation, Horizon View: Multiple out-of-bounds read issues via Cortado ThinPrint may allow a guest to execute code or perform a Denial of Service on the Windows OS.
- CVE-2017-4934 VMware Workstation, Fusion: Heap buffer-overflow vulnerability in VMNAT device that may allow a guest to execute code on the host.
- CVE-2017-4903 VMware ESXi, Workstation, Fusion: SVGA driver contains buffer overflow that may allow guests to execute code on hosts.
- CVE-2017-0109 Hyper-V Remote Code Execution Vulnerability.
- CVE-2017-0075 Hyper-V Remote Code Execution Vulnerability.
- CVE-2017-5715, 2017-5753, 2017-5754: The Spectre and Meltdown hardware vulnerabilities, a cache side-channel attack on CPU level (Rogue Data Cache Load (RDCL)), allow a rogue process to read all memory of a computer, even outside the memory assigned to a virtual machine.
- CVE-2016-7092 Xen Hypervisor: Disallow L3 recursive pagetable for 32-bit PV guests.
- CVE-2016-6258 Xen Hypervisor: The PV pagetable code has fast-paths for making updates to pre-existing pagetable entries, to skip expensive re-validation in safe cases (e.g. …). The bits considered safe were too broad, and not actually safe.
- CVE-2015-7835 Xen Hypervisor: Uncontrolled creation of large page mappings by PV guests.
- CVE-2015-7504 QEMU-KVM: Heap overflow in pcnet_receive function.
- CVE-2015-3456 VENOM: buffer-overflow in QEMU's virtual floppy disk controller.
- CVE-2014-0983 Oracle VirtualBox 3D acceleration multiple memory corruption.
- CVE-2012-0217 The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier.
- CVE-2011-1751 QEMU-KVM: PIIX4 emulation does not check if a device is hotpluggable before unplugging.
- CVE-2009-1244 Cloudburst: VM display function in VMware.
- CVE-2008-1943 Xen Para Virtualized Frame Buffer backend buffer overflow.
- CVE-2008-0923 Directory traversal vulnerability in shared folders feature for VMware.
- CVE-2007-1744 Directory traversal vulnerability in shared folders feature for VMware.
- CVE-2007-4993 Xen pygrub: Command injection in nf file.