Shulou(Shulou.com)06/01 Report--

This article introduces you how to achieve VirtualBox virtual machine escape vulnerability notification, the content is very detailed, interested friends can refer to, hope to be helpful to you.

0x00 vulnerability background

2020-04-24, 360CERT monitoring found that security vendors in the industry issued a risk notice for VirtualBox virtual machine escape vulnerabilities, the vulnerability number is CVE-2020-2905, vulnerability level: high risk.

USB3.0 XHCI module is the communication module in VirtualBox which is responsible for connecting virtual machines to USB3.0 devices.

There is an out-of-bounds write vulnerability in the VirtualBox USB 3.0 XHCI module, and a local attacker can cause the virtual machine to escape by executing specific programs within the virtual machine.

In this regard, 360CERT recommends that the majority of users timely install the latest patches, do a good job of asset self-examination and prevention work, so as to avoid hacker attacks.

0x01 risk rating

360CERT's assessment of the vulnerability is as follows

Assessment methods, threat levels, high risk impact surfaces, general 0x02 vulnerability details

The vulnerability was discovered by the Alipay security team. The analysis report is as follows

The vulnerability is an array out of bounds read and write, exists in the xhciR3WriteEvent function, the iIntr parameter can be controlled by the attacker. From the Structures section of IDA Pro, you can see that the aInterrupters array has only eight elements, but the value of iIntr can be 0# 1023. IIntr is used to index the aInterrupters array, but the code does not validate the iIntra value, resulting in a heap overflow.

Availability analysis

An attacker can write out of bounds. For example, in the function xhciR3WriteEvent, the variable v4 is controlled by the attacker. The following code writes the value of v4 to v7-> errp, which is the out-of-bounds address taken from the aInterrupters array.

Through the memory layout, the attacker lays out the key data structures in the code after the data content written out of bounds, and can overwrite the values of the key data structures, thus causing the virtual machine to escape.

0x03 affects version

VirtualBox:6.1.6 below version

0x04 repair recommendations General patching recommendations:

Upgrade to version 6.1.6 and download from:

Https://www.virtualbox.org/wiki/Downloads

0x05 product side solution 360Security Guard

For this security update, Windows users can install the corresponding patch through the 360 security guard, and users on other platforms can update the flawed products according to the updated version of the product in the repair proposal.

On how to achieve VirtualBox virtual machine escape vulnerability notice is shared here, I hope the above content can be of some help to you, can learn more knowledge. If you think the article is good, you can share it for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.