[DefCon32] Bug Hunting in VMware Device Virtualization
JiaQing Huang, Hao Zheng, and Yue Liu, security researchers at Shanghai Jiao Tong University, explore a previously uncharted attack surface in VMware's device virtualization within the VMKernel. Their presentation covers eight vulnerabilities found through reverse engineering, three of which received CVEs. JiaQing, Hao, and Yue explain how these flaws can be exploited, several of them demonstrated successfully at Tianfu Cup, and discuss what they mean for virtual machine security.
Exploring VMware’s VMKernel
JiaQing introduces the VMKernel's device virtualization, focusing on the virtual machine monitor (VMM) and the UserRPC mechanism through which the VMM communicates with the host side. Their reverse engineering, conducted at Shanghai Jiao Tong University, uncovered vulnerabilities in the USB and SCSI emulation, revealing an attack surface that had not been examined before and that matters for both VMware Workstation and ESXi.
USB System Vulnerabilities
Hao details flaws in the USB stack, spanning the emulated host controller, the VUsb middleware layer, and the backend devices. The analysis identified exploitable issues, such as missing input validation on guest-controlled data, that let a guest manipulate the state of virtual devices. By chaining these vulnerabilities, Hao and his team achieved privilege escalation, showing the practical risk to virtualized environments.
SCSI Emulation Flaws
Yue focuses on the SCSI emulation in VMware's virtual disk system, highlighting where Workstation and ESXi differ. They found an out-of-bounds write in the handling of the UNMAP command: a length field taken from the guest-supplied parameter list was not checked, and triggering the bug crashed the host. Yue's analysis points to design weaknesses in the disk emulation that open potential paths to virtual machine escape.
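To make the bug class concrete, the following is an added example written for this summary; it is not VMware's code and does not reproduce the actual vulnerable function. It models a minimal SCSI UNMAP parameter-list parser as an emulated disk would implement it, following the SBC layout (an 8-byte header whose UNMAP BLOCK DESCRIPTOR DATA LENGTH field is guest-controlled, followed by 16-byte block descriptors). `unmap_parse_unchecked` trusts the header length and therefore writes past its output table on a crafted list, while `unmap_parse_checked` validates every length against the bytes actually transferred and against the table's capacity. The table size `UNMAP_MAX_DESCRIPTORS`, the two sample parameter lists, and the assumption that the mismatch is between the header field and the transferred length are all constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical fixed capacity of the emulated disk's UNMAP descriptor table. */
#define UNMAP_MAX_DESCRIPTORS 4
#define UNMAP_HDR_LEN  8   /* parameter list header */
#define UNMAP_DESC_LEN 16  /* one block descriptor */

struct unmap_desc {
    uint64_t lba;      /* UNMAP LOGICAL BLOCK ADDRESS */
    uint32_t nblocks;  /* NUMBER OF LOGICAL BLOCKS */
};

/* SCSI fields are big-endian. */
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}
static uint64_t be64(const uint8_t *p) { return ((uint64_t)be32(p) << 32) | be32(p + 4); }

/* Pattern of the bug class: the descriptor count is derived from the
 * guest-controlled header field and is never compared with the number of
 * bytes actually transferred or with the destination table's capacity.
 * A large UNMAP BLOCK DESCRIPTOR DATA LENGTH makes the loop read past
 * `buf` and write past `out`. Only ever call this on well-formed input. */
static int unmap_parse_unchecked(const uint8_t *buf, struct unmap_desc *out)
{
    uint16_t bd_len = be16(buf + 2);
    int n = bd_len / UNMAP_DESC_LEN;
    for (int i = 0; i < n; i++) {
        const uint8_t *d = buf + UNMAP_HDR_LEN + (size_t)i * UNMAP_DESC_LEN;
        out[i].lba = be64(d);
        out[i].nblocks = be32(d + 8);
    }
    return n;
}

/* Hardened parser: every length is validated against the data that was
 * really received (buf_len) and against the output capacity before any
 * descriptor is touched. Returns the descriptor count, or -1 so the caller
 * can fail the command with CHECK CONDITION / ILLEGAL REQUEST. */
static int unmap_parse_checked(const uint8_t *buf, size_t buf_len,
                               struct unmap_desc *out, size_t out_cap)
{
    if (buf == NULL || buf_len < UNMAP_HDR_LEN)
        return -1;
    uint16_t data_len = be16(buf);    /* bytes following this 2-byte field */
    uint16_t bd_len   = be16(buf + 2); /* descriptor bytes following the header */

    /* The header's own fields must be consistent with each other... */
    if (bd_len % UNMAP_DESC_LEN != 0)
        return -1;
    if ((size_t)bd_len + (UNMAP_HDR_LEN - 2) > data_len)
        return -1;
    /* ...and, crucially, with what the transport actually delivered. */
    if ((size_t)UNMAP_HDR_LEN + bd_len > buf_len)
        return -1;

    size_t n = bd_len / UNMAP_DESC_LEN;
    if (n > out_cap)
        return -1;
    for (size_t i = 0; i < n; i++) {
        const uint8_t *d = buf + UNMAP_HDR_LEN + i * UNMAP_DESC_LEN;
        out[i].lba = be64(d);
        out[i].nblocks = be32(d + 8);
    }
    return (int)n;
}

/* Constructed sample: a well-formed list carrying two descriptors. */
static const uint8_t benign_list[UNMAP_HDR_LEN + 2 * UNMAP_DESC_LEN] = {
    0x00, 0x26,             /* UNMAP DATA LENGTH = 38 (6 header bytes + 32) */
    0x00, 0x20,             /* UNMAP BLOCK DESCRIPTOR DATA LENGTH = 32 */
    0x00, 0x00, 0x00, 0x00, /* reserved */
    /* descriptor 0: LBA 0x1000, 8 blocks */
    0,0,0,0,0,0,0x10,0x00,  0,0,0,0x08,  0,0,0,0,
    /* descriptor 1: LBA 0x2000, 16 blocks */
    0,0,0,0,0,0,0x20,0x00,  0,0,0,0x10,  0,0,0,0,
};

/* Constructed sample: the header claims 0xFFF0 bytes of descriptors
 * (4095 entries) but only the 8-byte header was transferred. */
static const uint8_t crafted_list[UNMAP_HDR_LEN] = {
    0xFF, 0xF6, 0xFF, 0xF0, 0x00, 0x00, 0x00, 0x00,
};

int main(void)
{
    struct unmap_desc table[UNMAP_MAX_DESCRIPTORS];
    int n = unmap_parse_checked(benign_list, sizeof benign_list, table, UNMAP_MAX_DESCRIPTORS);
    printf("benign, checked:   %d descriptors, first LBA 0x%llx\n", n, (unsigned long long)table[0].lba);
    n = unmap_parse_unchecked(benign_list, table);
    printf("benign, unchecked: %d descriptors (agrees on well-formed input)\n", n);
    n = unmap_parse_checked(crafted_list, sizeof crafted_list, table, UNMAP_MAX_DESCRIPTORS);
    printf("crafted, checked:  %s\n", n < 0 ? "rejected" : "accepted");
    /* unmap_parse_unchecked(crafted_list, table) would iterate 4095 times,
     * reading far past crafted_list and writing far past table. */
    return 0;
}
```

The important check is the third one: the header field is compared with `buf_len`, the byte count the transport layer actually handed over, rather than with any other guest-supplied value. Comparing two guest-controlled fields against each other, as the first two checks do, is necessary for spec conformance but on its own proves nothing about memory safety.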
Mitigating Virtualization Risks
Concluding, JiaQing proposes tightening the sandbox around the device emulation and restricting the privileges of the host-side process, so that a bug in a virtual device yields less to an attacker. Their findings were confirmed by VMware, and they call for stronger mitigations to secure virtual environments. By sharing their work, JiaQing, Hao, and Yue encourage other researchers to examine VMKernel security and harden virtualization against emerging threats.