VirtualBox VM Escape Vulnerability: Integer Overflow Leads to Host Compromise
2025-05-17
A high-severity integer overflow vulnerability in VirtualBox's vmsvga3dSurfaceMipBufferSize function lets attackers manipulate a malloc call so that it allocates 0 bytes while VirtualBox tracks a larger buffer size. The mismatch yields linear read/write primitives, which escalate to arbitrary read/write access to host memory. A proof-of-concept demonstrates a complete virtual machine escape. Exploitation proceeds in stages: triggering the buggy surface allocation, using the out-of-bounds read/write, performing arbitrary heap allocation, and finally gaining RIP control for arbitrary code execution. A patch is available; users should update immediately.
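The bug class described above, as an added example that is not VirtualBox's code: a 32-bit size product that wraps to 0 next to a checked version that rejects it. The struct, its field names, the size formula and the function names are all assumptions made for illustration, and the checked version relies on the GCC/Clang `__builtin_mul_overflow` builtin.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical surface descriptor; field names are assumptions. */
struct surface_dims { uint32_t width, height, depth, bytes_per_pixel; };

/* Unchecked: the product is computed in 32 bits and silently wraps. */
static uint32_t mip_size_unchecked(const struct surface_dims *d)
{
    return d->width * d->height * d->depth * d->bytes_per_pixel;
}

/* Checked: each multiplication is tested and a zero size is rejected. */
static bool mip_size_checked(const struct surface_dims *d, uint32_t *out)
{
    uint32_t n;
    if (__builtin_mul_overflow(d->width, d->height, &n) ||
        __builtin_mul_overflow(n, d->depth, &n) ||
        __builtin_mul_overflow(n, d->bytes_per_pixel, &n) ||
        n == 0)
        return false;
    *out = n;
    return true;
}

/* Allocate and record the tracked size from the same checked value,
 * so later bounds checks cannot disagree with the real allocation. */
static void *surface_alloc(const struct surface_dims *d, uint32_t *tracked)
{
    uint32_t n;
    if (!mip_size_checked(d, &n))
        return NULL;
    *tracked = n;
    return malloc(n);
}

int main(void)
{
    struct surface_dims bad = { 0x10000, 0x10000, 1, 4 }; /* constructed input */
    uint32_t tracked = 0;
    printf("unchecked size: %u\n", (unsigned)mip_size_unchecked(&bad));
    printf("checked alloc:  %s\n",
           surface_alloc(&bad, &tracked) ? "allocated" : "rejected");
    return 0;
}
```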
Tech
VM escape