N/A

This vulnerability allows local attackers to escalate privileges on affected installations of xhyve. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the e1000 virtual device. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-15056.

N/A

栈缓冲区溢出

xhyve 安全漏洞

xhyve是machyve开源的一个轻量级的 OS X 虚拟化解决方案。 xhyve存在安全漏洞，该漏洞源于在将用户提供的数据复制到基于堆栈的缓冲区之前没有对其长度进行适当的验证，允许本地攻击者在受影响的安装中提升权限。攻击者必须首先获得在目标客户系统上执行高权限代码的能力，才能利用这一漏洞，具体漏洞存在于e1000虚拟设备中，攻击者可以利用此漏洞在虚拟机管理程序的上下文中提升权限并执行任意代码。

N/A

N/A