Entry: Virtual machine escape
Definition

  1. Previous known vulnerabilities

  2. See also

  3. References

  4. External links

In computer security, virtual machine escape is the process of breaking out of a virtual machine and interacting with the host operating system.[1] A virtual machine is a "completely isolated guest operating system installation within a normal host operating system".[2] In 2008, a vulnerability (CVE-2008-0923) in VMware, discovered by Core Security Technologies, made VM escape possible on VMware Workstation 6.0.2 and 5.5.4.[3][4] A fully working exploit labeled Cloudburst was developed by Immunity Inc. for Immunity CANVAS (a commercial penetration testing tool).[5] Cloudburst was presented at Black Hat USA 2009.[6]

Previous known vulnerabilities

  • CVE-2007-1744 Directory traversal vulnerability in shared folders feature for VMware
  • CVE-2008-0923 Directory traversal vulnerability in shared folders feature for VMware
  • CVE-2009-1244 Cloudburst: VM display function in VMware
  • CVE-2012-0217 The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier
  • CVE-2014-0983 Oracle VirtualBox 3D acceleration multiple memory corruption
  • CVE-2015-3456 VENOM: buffer-overflow in QEMU's virtual floppy disk controller
  • CVE-2015-7835 Xen Hypervisor: Uncontrolled creation of large page mappings by PV guests
  • CVE-2016-6258 Xen Hypervisor: The PV pagetable code has fast-paths for making updates to pre-existing pagetable entries, to skip expensive re-validation in safe cases (e.g. clearing only Access/Dirty bits). The bits considered safe were too broad, and not actually safe.
  • CVE-2016-7092 Xen Hypervisor: Disallow L3 recursive pagetable for 32-bit PV guests
  • CVE-2017-5715, 2017-5753, 2017-5754: The Spectre and Meltdown hardware vulnerabilities, a cache side-channel attack at the CPU level (Rogue Data Cache Load (RDCL)), allow a rogue process to read all memory of a computer, even outside the memory assigned to a virtual machine
  • CVE-2017-0075 Hyper-V Remote Code Execution Vulnerability
  • CVE-2017-0109 Hyper-V Remote Code Execution Vulnerability
  • CVE-2017-4903 VMware ESXi, Workstation, Fusion: SVGA driver contains buffer overflow that may allow guests to execute code on hosts[7]
  • CVE-2017-4934 VMware Workstation, Fusion: Heap buffer-overflow vulnerability in VMNAT device that may allow a guest to execute code on the host[8]
  • CVE-2017-4936 VMware Workstation, Horizon View: Multiple out-of-bounds read issues via Cortado ThinPrint may allow a guest to execute code or perform a Denial of Service on the Windows OS[8]
  • CVE-2018-2698 Oracle VirtualBox: shared memory interface by the VGA allows read and writes on the host OS[9]

See also

  • Hyperjacking

References

1. ^ "What is VM Escape? - The Lone Sysadmin". 22 September 2007. http://lonesysadmin.net/2007/09/22/what-is-vm-escape/
2. ^ "Virtual Machines: Virtualization vs. Emulation". http://www.griffincaprio.com/blog/2006/08/virtual-machines-virtualization-vs-emulation.html (accessed 2011-03-11)
3. ^ "Path Traversal vulnerability in VMware's shared folders implementation". 18 May 2016. http://www.coresecurity.com/content/advisory-vmware
4. ^ Dignan, Larry. "Researcher: Critical vulnerability found in VMware's desktop apps - ZDNet". http://www.zdnet.com/blog/security/researcher-critical-vulnerability-found-in-vmwares-desktop-apps/902
5. ^ "Security Monitoring News, Analysis, Discussion, & Community". Dark Reading. http://www.darkreading.com/security-services/167801101/security/application-security/217701908/hacking-tool-lets-a-vm-break-out-and-attack-its-host.html
6. ^ "Black Hat ® Technical Security Conference: USA 2009 // Briefings". www.blackhat.com. https://www.blackhat.com/html/bh-usa-09/bh-usa-09-speakers.html
7. ^ "VMSA-2017-0006". VMware. https://www.vmware.com/security/advisories/VMSA-2017-0006.html
8. ^ "VMSA-2017-0018.1". VMware. https://www.vmware.com/security/advisories/VMSA-2017-0018.html
9. ^ "CVE-2018-2698". securiteam.com: Oracle VirtualBox Multiple Guest to Host Escape Vulnerabilities. https://blogs.securiteam.com/index.php/archives/3649

External links

  • CVE-2008-0923: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923
  • Cloudburst (Hacking 3D And Breaking Out Of Vmware) Blackhat 2009 (Video)
  • https://technet.microsoft.com/library/security/MS17-008

Categories: Virtualization software, Computer security exploits

Copyright © 2023 OENC.NET All Rights Reserved
京ICP备2021023879号 Updated: 2024/9/29 11:36:38