[PLUG] QEMM VM escape

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

• From: jeff via plug <plug@lists.phillylinux.org>
• To: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
• Subject: [PLUG] QEMM VM escape
• Date: 2019年8月28日 11:31:47 -0400
• Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=comcastmailservice.net; s=20180828_2048; t=1567006309; bh=+CnySRAz+IQc/Ykwb/f8b55Kk2ZZ5Ll2u/39if+QIFU=; h=Received:Received:To:From:Subject:Message-ID:Date:MIME-Version: Content-Type; b=BIj3xypS4KTKyo1FLJAMwCm8HKPyJpjOo36iR5rcHcTyp6/tYsSK1GrSUq+iY2uGe HOXn/J+MLrKolynN5KQMfLVc1sdCfIVuUXR+5HKKkmQIbFq1hulfqAAJl3OwRcV8pO S5dQPVdU3kUhu04V8ATj/If+EDSCweY8kzJsmODDXXtKh2lQ02bd3VQpthx/lBGG5m oUjnWbdAbMcHbqLu9ciEl7Wkt59lx9/DDnu9nu4UbaTUSev21Hdh5xeMpYFn4G7RSC QaDjWXJixpJjUzu2g5bzORlFF3GUJyFUS5kitwf0NW+IiCtdZCtN7AWfl1uRpN11N1 40anbelMqvhlw==
• Reply-to: jeff <jeffv@op.net>
• Sender: "plug" <plug-bounces@lists.phillylinux.org>
• User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0

---

https://blog.bi0s.in/2019/08/24/Pwn/VM-Escape/2019-07-29-qemu-vm-escape-cve-2019-14378/
tl;dr

This post will describe how I exploited CVE-2019-14378, which is a pointer miscalculation in network backend of QEMU. The bug is triggered when large IPv4 fragmented packets are reassembled for processing. It was found by code auditing.

___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug

---

• Prev by Date: Re: [PLUG] What's a small document scanner that's easy to use?
• Next by Date: [PLUG] Speakers needed for Central on Wed Sep 4
• Previous by thread: Re: [PLUG] Avoid Alignable.com -- They use contact harvesting and spam
• Next by thread: [PLUG] Speakers needed for Central on Wed Sep 4
• Index(es):
  • Date
  • Thread