jeff via plug on 28 Aug 2019 08:31:54 -0700
- From: jeff via plug <plug@lists.phillylinux.org>
- To: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
- Subject: [PLUG] QEMU VM escape
- Date: Wed, 28 Aug 2019 11:31:47 -0400
- Reply-to: jeff <jeffv@op.net>
- Sender: "plug" <plug-bounces@lists.phillylinux.org>
- User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0
https://blog.bi0s.in/2019/08/24/Pwn/VM-Escape/2019-07-29-qemu-vm-escape-cve-2019-14378/
tl;dr
This post will describe how I exploited CVE-2019-14378, which is a
pointer miscalculation in the network backend of QEMU. The bug is triggered
when large IPv4 fragmented packets are reassembled for processing. It
was found by code auditing.
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug