US-CERT warns of guest-to-host VM escape vulnerability

remixedcat · Jun 13, 2012, 11:33 PM

Summary: The vulnerability affects 64-bit operating systems and virtualization software running on Intel CPU hardware.

The U.S. Computer Emergency Readiness Team (CERT) has issued an alert for a dangerous guest-to-host virtual machine escape vulnerability affecting virtualization software from multiple vendors.

The vulnerability, which affects 64-bit operating systems and virtualization software running on Intel CPU hardware, exposes users to local privilege escalation attack or a guest-to-host virtual machine escape.

From the advisory:

A ring3 attacker may be able to specifically craft a stack frame to be executed by ring0 (kernel) after a general protection exception (#GP). The fault will be handled before the stack switch, which means the exception handler will be run at ring0 with an attacker’s chosen RSP causing a privilege escalation.

Affected vendors include Intel Corp., FreeBSD, Microsoft, NetBSD, Oracle, RedHat, SUSE Linux and Xen.

The US-CERT advisory contains a full list of affected software and links to vendor-supplied patches.
VMWare says its products are not affected by this issue.

Jun 13, 2012, 11:33 PM	#1
remixedcat Join Date: May 2010 Posts: 1,226 (1.08/day) Thanks: 788 Thanked 253 Times in 195 Posts System Specs	US-CERT warns of guest-to-host VM escape vulnerability Summary: The vulnerability affects 64-bit operating systems and virtualization software running on Intel CPU hardware. The U.S. Computer Emergency Readiness Team (CERT) has issued an alert for a dangerous guest-to-host virtual machine escape vulnerability affecting virtualization software from multiple vendors. The vulnerability, which affects 64-bit operating systems and virtualization software running on Intel CPU hardware, exposes users to local privilege escalation attack or a guest-to-host virtual machine escape. From the advisory: A ring3 attacker may be able to specifically craft a stack frame to be executed by ring0 (kernel) after a general protection exception (#GP). The fault will be handled before the stack switch, which means the exception handler will be run at ring0 with an attacker’s chosen RSP causing a privilege escalation. Affected vendors include Intel Corp., FreeBSD, Microsoft, NetBSD, Oracle, RedHat, SUSE Linux and Xen. The US-CERT advisory contains a full list of affected software and links to vendor-supplied patches. VMWare says its products are not affected by this issue. __________________ System:Intel i5 3570K @ 3.4Ghz//ASRock Z77 Pro3//Coolemaster Hyper 212 Evo//16GB Corsair XMS3//EVGA Nvidia GTX 650Ti SSC 1GB//128GB Samsung 840 SSD/1.5TB Seagate HDD//Antec Three Hundred Two//620w Antec High Current Gamer HCG-620M//Windows Server 2012 x64 Standard Misc:Samsung SyncMaster P2350 23in@1920x1080+LG Flatron 19in 1440x900//IoSafe Fireproof ext 500GB HDD//Amped Wireless R20000G high power router//APC BackUPS XS1000 UPS Websites: AGNXNetworks//RemixedCat's Place Of Meow Blog

System Name:	RemixedBeast
Processor:	Intel i5 3570K @ 3.4Ghz
Motherboard:	ASRock Z77 Pro3
Cooling:	Coolemaster Hyper 212 Evo
Memory:	16GB Corsair XMS3
Video Card:	EVGA Nvidia GTX 650 Ti SSC 1GB
Hard Disk:	1.5TB Seagate/128GB Samsung 840
Optical Drive:	None
CRT/LCD Model:	Samsung SyncMaster P2350 23in @ 1920x1080 + LG Flatron 19in Widescreen 1440x900
Case:	Antec Three Hundred Two
PSU:	620w Antec High Current Gamer HCG-620M
Software:	Windows Server 2012 x64 Standard

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Fraudulent SSL cert minted for Firefox addons site	qubit	Networking & Security	2	Sep 1, 2011 10:47 AM
How to test escape key?	OrbitzXT	General Hardware	5	Jun 12, 2010 08:52 PM
Looking for someone who uses Blue Host or Monster Host for their website	reverze	Programming & Webmastering	4	Jun 11, 2010 03:09 AM

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)