Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in

  FAQ | Search | Memberlist | Usergroups | Statistics | Profile | Log in to check your private messages | Log in | Register

0-day e1k ethernet driver guest to host escape
 View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
n05ph3r42
Tux's lil' helper
Tux's lil' helper


Joined: 11 Jul 2016
Posts: 134
PostPosted: Wed Nov 07, 2018 10:24 am    Post subject: 0-day e1k ethernet driver guest to host escape Reply with quote
e1k driver can be used to escape from guest and execute code in host's ring3.

Explanation & PoC (ru): https://habr.com/post/429004/
video: https://player.vimeo.com/video/299325088?byline=0&badge=0

vulnerable
<= VirtualBox 5.2.20 using e1000 NAT
also all systems using e1k with NAT should be vulnerable too (KVM etc)
Back to top
View user's profile Send private message
eccerr0r
Watchman
Watchman


Joined: 01 Jul 2004
Posts: 9681
Location: almost Mile High in the USA
PostPosted: Fri Nov 16, 2018 9:23 am    Post subject: Reply with quote
Thanks for the report.
ugh... may have to switch all to virtio for all my guests on my KVM when I can... or use 8139 for noncritical...
_________________
Intel Core i7 2700K/Radeon R7 250/24GB DDR3/256GB SSD
What am I supposed watching?
Back to top
View user's profile Send private message
n05ph3r42
Tux's lil' helper
Tux's lil' helper


Joined: 11 Jul 2016
Posts: 134
PostPosted: Fri Nov 16, 2018 9:35 am    Post subject: Reply with quote
The bug is already fixed in VBox with latest update. Exploit sample heavily relies on RVA's specific to VBox.
I'm not sure is there exploits in the wild for KVM. It should use different RVA & Write&Read primitives.
E.G. i think you should no worry for your KVM. Skills required to implement exploit for it is high == it have same risk as any other 0day (uncovered).
UPDATED: ive not checked is KVM uses same e1k realization as VBox.
Back to top
View user's profile Send private message
Ant P.
Watchman
Watchman


Joined: 18 Apr 2009
Posts: 6920
PostPosted: Sat Nov 17, 2018 9:38 am    Post subject: Reply with quote
This doesn't matter in KVM, it has virtio-net for non-legacy OSes.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



 Links: forums.gentoo.org | www.gentoo.org | bugs.gentoo.org | wiki.gentoo.org | forum-mods@gentoo.org

Copyright 2001-2024 Gentoo Foundation, Inc. Designed by Kyle Manna © 2003; Style derived from original subSilver theme. | Hosting by Gossamer Threads Inc. © | Powered by phpBB 2.0.23-gentoo-p11 © 2001, 2002 phpBB Group
Privacy Policy