Virtual machine escape

Last updated

In computer security, virtual machine (VM) escape is the process of a program breaking out of the virtual machine on which it is running and interacting with the host operating system. [1] In theory, a virtual machine is a "completely isolated guest operating system installation within a normal host operating system", [2] but this isn't always the case in practice.

Contents

For example, in 2008, a vulnerability (CVE - 2008-0923) in VMware discovered by Core Security Technologies made VM escape possible on VMware Workstation 6.0.2 and 5.5.4. [3] [4] A fully working exploit labeled Cloudburst was developed by Immunity Inc. for Immunity CANVAS (a commercial penetration testing tool). [5] Cloudburst was presented at Black Hat USA 2009. [6]

Previous known vulnerabilities

See also

Related Research Articles

<span class="mw-page-title-main">Virtual machine</span> Software that emulates an entire computer

In computing, a virtual machine (VM) is the virtualization or emulation of a computer system. Virtual machines are based on computer architectures and provide the functionality of a physical computer. Their implementations may involve specialized hardware, software, or a combination of the two. Virtual machines differ and are organized by their function, shown here:

<span class="mw-page-title-main">VMware</span> Multi-cloud service provider for all apps

VMware LLC is an American cloud computing and virtualization technology company headquartered in Palo Alto, California. VMware was the first commercially successful company to virtualize the x86 architecture.

<span class="mw-page-title-main">Xen</span> Type-1 hypervisor

Xen is a free and open-source type-1 hypervisor, providing services that allow multiple computer operating systems to execute on the same computer hardware concurrently. It was originally developed by the University of Cambridge Computer Laboratory and is now being developed by the Linux Foundation with support from Intel, Citrix, Arm Ltd, Huawei, AWS, Alibaba Cloud, AMD, Bitdefender and EPAM Systems.

x86 virtualization is the use of hardware-assisted virtualization capabilities on an x86/x86-64 CPU.

A hypervisor, also known as a virtual machine monitor (VMM) or virtualizer, is a type of computer software, firmware or hardware that creates and runs virtual machines. A computer on which a hypervisor runs one or more virtual machines is called a host machine, and each virtual machine is called a guest machine. The hypervisor presents the guest operating systems with a virtual operating platform and manages the execution of the guest operating systems. Unlike an emulator, the guest executes most instructions on the native hardware. Multiple instances of a variety of operating systems may share the virtualized hardware resources: for example, Linux, Windows, and macOS instances can all run on a single physical x86 machine. This contrasts with operating-system–level virtualization, where all instances must share a single kernel, though the guest operating systems can differ in user space, such as different Linux distributions with the same kernel.

<span class="mw-page-title-main">QEMU</span> Free virtualization and emulation software

The Quick Emulator (QEMU) is a free and open-source emulator that uses dynamic binary translation to emulate a computer's processor; that is, it translates the emulated binary codes to an equivalent binary format which is executed by the machine. It provides a variety of hardware and device models for the virtual machine, enabling it to run different guest operating systems. QEMU can be used with a Kernel-based Virtual Machine (KVM) to emulate hardware at near-native speeds. Additionally, it supports user-level processes, allowing applications compiled for one processor architecture to run on another.

Platform virtualization software, specifically emulators and hypervisors, are software packages that emulate the whole physical computer machine, often providing multiple virtual machines on one physical platform. The table below compares basic information about platform virtualization hypervisors.

In computing, virtualization is the use of a computer to simulate another computer. The following is a chronological list of virtualization technologies.

<span class="mw-page-title-main">VMware ESXi</span> Enterprise-class, type-1 hypervisor for deploying and serving virtual computers

VMware ESXi is an enterprise-class, type-1 hypervisor developed by VMware, a subsidiary of Broadcom, for deploying and serving virtual computers. As a type-1 hypervisor, ESXi is not a software application that is installed on an operating system (OS); instead, it includes and integrates vital OS components, such as a kernel.

<span class="mw-page-title-main">Kernel-based Virtual Machine</span> Virtualization module in the Linux kernel

Kernel-based Virtual Machine (KVM) is a free and open-source virtualization module in the Linux kernel that allows the kernel to function as a hypervisor. It was merged into the mainline Linux kernel in version 2.6.20, which was released on February 5, 2007. KVM requires a processor with hardware virtualization extensions, such as Intel VT or AMD-V. KVM has also been ported to other operating systems such as FreeBSD and illumos in the form of loadable kernel modules.

Hardware virtualization is the virtualization of computers as complete hardware platforms, certain logical abstractions of their componentry, or only the functionality required to run various operating systems. Virtualization emulates the hardware environment of its host architecture, allowing multiple OSes to run unmodified and in isolation. At its origins, the software that controlled virtualization was called a "control program", but the terms "hypervisor" or "virtual machine monitor" became preferred over time.

VMDK is a file format that describes containers for virtual hard disk drives to be used in virtual machines like VMware Workstation or VirtualBox.

<span class="mw-page-title-main">Virtualization</span> Methods for dividing computing resources

In computing, virtualization (v12n) is a series of technologies that allows dividing of physical computing resources into a series of virtual machines, operating systems, processes or containers.

Live migration, also called migration, refers to the process of moving a running virtual machine (VM) or application between different physical machines without disconnecting the client or application. Memory, storage, and network connectivity of the virtual machine are transferred from the original guest machine to the destination. The time between stopping the VM or application on the source and resuming it on destination is called 'downtime'. When the downtime of a VM during live migration is small enough that it is not noticeable by the end user, it is called a 'seamless' live migration.

libvirt Management tool

libvirt is an open-source API, daemon and management tool for managing platform virtualization. It can be used to manage KVM, Xen, VMware ESXi, QEMU and other virtualization technologies. These APIs are widely used in the orchestration layer of hypervisors in the development of a cloud-based solution.

Second Level Address Translation (SLAT), also known as nested paging, is a hardware-assisted virtualization technology which makes it possible to avoid the overhead associated with software-managed shadow page tables.

GPU virtualization refers to technologies that allow the use of a GPU to accelerate graphics or GPGPU applications running on a virtual machine. GPU virtualization is used in various applications such as desktop virtualization, cloud gaming and computational science.

Hyperjacking is an attack in which a hacker takes malicious control over the hypervisor that creates the virtual environment within a virtual machine (VM) host. The point of the attack is to target the operating system that is below that of the virtual machines so that the attacker's program can run and the applications on the VMs above it will be completely oblivious to its presence.

Intel Software Guard Extensions (SGX) is a set of instruction codes implementing trusted execution environment that are built into some Intel central processing units (CPUs). They allow user-level and operating system code to define protected private regions of memory, called enclaves. SGX is designed to be useful for implementing secure remote computation, secure web browsing, and digital rights management (DRM). Other applications include concealment of proprietary algorithms and of encryption keys.

Transient execution CPU vulnerabilities are vulnerabilities in which instructions, most often optimized using speculative execution, are executed temporarily by a microprocessor, without committing their results due to a misprediction or error, resulting in leaking secret data to an unauthorized party. The archetype is Spectre, and transient execution attacks like Spectre belong to the cache-attack category, one of several categories of side-channel attacks. Since January 2018 many different cache-attack vulnerabilities have been identified.

References

  1. "What is VM Escape? - The Lone Sysadmin". 22 September 2007. Archived from the original on 9 December 2011. Retrieved 23 October 2011.
  2. "Virtual Machines: Virtualization vs. Emulation". Archived from the original on 2014-07-15. Retrieved 2011-03-11.
  3. "Path Traversal vulnerability in VMware's shared folders implementation". 18 May 2016.
  4. Dignan, Larry. "Researcher: Critical vulnerability found in VMware's desktop apps - ZDNet". ZDNet . Archived from the original on November 29, 2014.
  5. "Security Monitoring News, Analysis, Discussion, & Community". Dark Reading. Archived from the original on 2011-07-19. Retrieved 2011-10-23.
  6. "Black Hat ® Technical Security Conference: USA 2009 // Briefings". www.blackhat.com.
  7. "DEFCON 19: Virtunoid: Breaking out of KVM" (PDF). Nelson Elhage. Archived (PDF) from the original on 2024-12-04. Retrieved 2024-12-24.
  8. "VM escape - QEMU Case Study". Mehdi Talbi & Paul Fariello.
  9. "VMSA-2017-0006". VMware. Archived from the original on 2017-04-01. Retrieved 2017-04-01.
  10. 1 2 "VMSA-2017-0018.1". VMware. Archived from the original on 2017-11-18. Retrieved 2017-11-17.
  11. "CVE-2018-2698". exploit-db.com: Oracle VirtualBox < 5.1.30 / < 5.2-rc1 - Guest to Host Escape. 24 January 2018. Archived from the original on 10 December 2024. Retrieved 24 December 2024.
  12. "Chaos Communication Congress 2019: The Great Escape of ESXi". media.ccc.de. 28 December 2019.
  13. "CVE-2019-18420 to 18425". Patches beheben Schwachstellen in Xen und Citrix Hypervisor. 5 November 2019. Archived from the original on 5 November 2019. Retrieved 5 November 2019.
  14. "CVE-2019-0964 (critical), CVE-2019-5124, CVE-2019-5146, CVE-2019-5147". Sicherheitsupdate: AMD-Treiber und VMware. 22 January 2020. Archived from the original on 22 January 2020. Retrieved 22 January 2020.
  15. Mantle, Mark (2020-01-28). "Sicherheitslücken in Intel-CPUs: Modifizierte Angriffe erfordern BIOS-Updates". Heise (in German). Archived from the original on 2024-01-10. Retrieved 2024-01-10.
  16. "CVE-2020-3962, CVE-2020-3963, CVE-2020-3964, CVE-2020-3965, CVE-2020-3966, CVE-2020-3967, CVE-2020-3968, CVE-2020-3969, CVE-2020-3970, CVE-2020-3971". VMWare Advisory VMSA-2020-0015.1.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.