Researchers find holes in virtualisation platforms

By

Multiple platforms affected.

Researchers have discovered vulnerabilities in a series of virtualisation software platforms that allow attackers to gain unauthorised access.

Researchers find holes in virtualisation platforms

The holes could be exploited to achieve local privileged escalation and virtual machine escapes on software from vendors Xen, FreeBSD, Microsoft, and RedHat running on 64-bit operating systems on Intel processors.

 

Invisible Things Lab principle researcher Rafal Wojtczuk discovered the flaws, which he said allowed a ring3 attacker to craft a stack frame to be executed by the kernel after a general protection exception.

US CERT’s Jared Allar issued an alert stating that “the fault will be handled before the stack switch, which means the exception handler will be run at ring0 with an attacker's chosen RSP causing a privilege escalation”.

VMware and AMD processors were not affected.

Users were urged to apply vendor patches. More detail is available on the US CERT advisory.

Got a news tip for our journalists? Share it with us anonymously here.

Copyright © SC Magazine, Australia

Tags:

Most Read Articles

CBA using facial recognition logins to verify disputed payments

CBA using facial recognition logins to verify disputed payments

Researchers demo AI-crippling GPUHammer attack

Researchers demo AI-crippling GPUHammer attack

Google Gemini for Workspace vulnerable to prompt injection attacks

Google Gemini for Workspace vulnerable to prompt injection attacks

Top US diplomat impersonated with AI by unknown actor

Top US diplomat impersonated with AI by unknown actor

Log In

  |  Forgot your password?