Категории

Scavenger: Misuse Error Handling Leading to Qemu/KVM Escape

Опубликовано: 04 Октябрь 2024
на канале: Black Hat
1,169
19

Error handling code is used extensively in hypervisors, which is designed to capture unexpected behaviors and avoid crashing the vm, such as invalid inputs from guest users and insufficient memory. However, we find that incorrect use of error handling code or missing error propagation can lead to security problems such as privilege escalation. In this briefing, we demonstrate how to achieve a full guest-to-host escape exploitation through a misuse error handling code.....

By:
Xingwei Lin, Gaoning Pan, Jiashui Wang, Chunming Wu, Xinlei Ying Ying

Full Abstract & Presentation Materials:
https://www.blackhat.com/asia-21/brie...

play_arrow
2,741
102

Едем в Сочи! Дерево Дружбы / The Friendship Tree in Sochi

Едем в Сочи! Дерево Дружбы / The Friendship Tree in Sochi
play_arrow
6,550
406

СКЕТЧ | CHUGARIN DANIIL

СКЕТЧ | CHUGARIN DANIIL
play_arrow
14,268
222

ИВАНГАЙ - ЯРИК ЛАПА СЕКС

ИВАНГАЙ - ЯРИК ЛАПА СЕКС
play_arrow
350
11

Text messaging App in Android with permissions access in studio || Android App Developement

Text messaging App in Android with permissions access in studio || Android App Developement
play_arrow
231
29

Response to Atheist arguments AGAINST inspiration of Scripture Pastor Answers

Response to Atheist arguments AGAINST inspiration of Scripture Pastor Answers
play_arrow
1,231
80

Горячие бутерброды вместо пиццы!!Хрустящая основа и сочная начинка!

Горячие бутерброды вместо пиццы!!Хрустящая основа и сочная начинка!
play_arrow
10
0

[Non English] 1.7 Khmer Language

[Non English] 1.7 Khmer Language
play_arrow
25,156
367

Standart aka Техник черепашки для полировки гранита.

Standart aka Техник черепашки для полировки гранита.
Похожие видео
play_arrow
Keynote - Securing Our Cyberspace Together

Keynote - Securing Our Cyberspace Together
play_arrow
Fireside Chat: Jeff Moss and Ruimin He

Fireside Chat: Jeff Moss and Ruimin He
play_arrow
LinkDoor: A Hidden Attack Surface in the Android Netlink Kernel Modules

LinkDoor: A Hidden Attack Surface in the Android Netlink Kernel Modules
play_arrow
Emerging Frontiers: Insights from the Black Hat Asia Review Board

Emerging Frontiers: Insights from the Black Hat Asia Review Board
play_arrow
What the TrustZone-M Doesn't See, the MCU Does Grieve Over: Lessons Learned

What the TrustZone-M Doesn't See, the MCU Does Grieve Over: Lessons Learned
play_arrow
The Hack@DAC Story: Learnings from Organizing the World's Largest Hardware Hacking Competition

The Hack@DAC Story: Learnings from Organizing the World's Largest Hardware Hacking Competition
play_arrow
Privacy Detective: Sniffing Out Your Data Leaks for Android

Privacy Detective: Sniffing Out Your Data Leaks for Android
play_arrow
Debug7: Leveraging a Firmware Modification Attack for Remote Debugging of Siemens S7 PLCs

Debug7: Leveraging a Firmware Modification Attack for Remote Debugging of Siemens S7 PLCs
play_arrow
The Final Chapter: Unlimited ways to bypass your macOS privacy mechanisms

The Final Chapter: Unlimited ways to bypass your macOS privacy mechanisms
play_arrow
One Flip is All It Takes: Identifying Syscall-Guard Variables for Data-Only Attacks

One Flip is All It Takes: Identifying Syscall-Guard Variables for Data-Only Attacks
play_arrow
Faults in Our Bus: Novel Bus Fault Attack to Break Trusted Execution Environments

Faults in Our Bus: Novel Bus Fault Attack to Break Trusted Execution Environments
play_arrow
You Shall Not PASS - Analysing a NSO iOS Spyware Sample

You Shall Not PASS - Analysing a NSO iOS Spyware Sample