US-CERT warns of guest-to-host VM escape vulnerability

The vulnerability affects 64-bit operating systems and virtualization software running on Intel CPU hardware.

The U.S. Computer Emergency Readiness Team (CERT) has issued an alert for a dangerous guest-to-host virtual machine escape vulnerability affecting virtualization software from multiple vendors.

The vulnerability, which affects 64-bit operating systems and virtualization software running on Intel CPU hardware, exposes users to local privilege escalation attack or a guest-to-host virtual machine escape.

From the advisory:

follow Ryan Naraine on twitter

A ring3 attacker may be able to specifically craft a stack frame to be executed by ring0 (kernel) after a general protection exception (#GP). The fault will be handled before the stack switch, which means the exception handler will be run at ring0 with an attacker's chosen RSP causing a privilege escalation.

Affected vendors include Intel Corp., FreeBSD, Microsoft, NetBSD, Oracle, RedHat, SUSE Linux and Xen.

The US-CERT advisory contains a full list of affected software and links to vendor-supplied patches.

VMWare says its products are not affected by this issue.

* Photo credit: Flickr/OakleyOriginals (CC 2.0)

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.
See All
See All