CVE-2023-21987 PoC — Oracle Virtualization 安全漏洞

Source

https://github.com/chunzhennn/cve-2023-21987-poc

Associated Vulnerability

Title:Oracle Virtualization 安全漏洞 (CVE-2023-21987)
Description:Oracle Virtualization是美国甲骨文（Oracle）公司的一套虚拟化解决方案。该产品用于统一管理从应用程序到磁盘的整个硬件和软件体系，可实现从桌面到数据中心的虚拟化。 Oracle Virtualization 6.1.44 版本及之前版本和 7.0.8 版本及之前版本的 Core 组件存在安全漏洞。低权限攻击者利用该漏洞可以登录到 Oracle VM VirtualBox 执行的基础设施来破坏 Oracle VM VirtualBox。

Description

Oracle VirtualBox VGA OOB-Read Vulnerability

Readme

# cve-2023-21987-poc

## Oracle VirtualBox VGA OOB-Read Vulnerability

This Proof of Concept (PoC) is designed for a Linux guest OS running on a Windows host OS.

The purpose of this PoC is to demonstrate the ability to leak addresses of VirtualBox components. You may need to adjust the pointer values within the `vga_exp` function to match the specific builds you are testing.

Currently, the success rate is relatively low. Contributions to improve its reliability are highly appreciated.

File Snapshot


 [4.0K]  /data/pocs/da4d82852f4aaa66b4b1028ce7930a44dbd34e08
├── [8.5K]  poc.c
├── [ 492]  README.md
└── [ 15K]  vmmdev.h

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!