The VM host software is supposed to prevent the guest VMs from messing with one another without prior arrangement.

The big difference in this case is that virtual machine (VM) software is supposed to allow one computer, known as the host, to run numerous “guest machines” that are oblivious to each other’s presence, even though they’re actually running on the same hardware.

The bugs patched in VMSA-2022-0004 cover five different CVE numbers (CVE-2021-22040, -41, -42, -43, and -50), but the first two are the ones to focus on if your change control committee insists on taking time to rank vulnerabilities into decreasing order of badness before acting.

Both CVE-2021-22040 and CVE-2021-22041 are annotated with the comment that “a malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine’s VMX process running on the host.”

At first glance, the fact that an attacker first needs to log in with a superuser account might make this seem like an inconsequential sort of bug.

After all, if you’re already root, you can already do almost anything you like to the computer you’re on, so why bother with an exploit that gets you root again?

The danger of “guest escapes”

VMware says that the bugs were responsibly disclosed during the Tianfu Cup, an organised hacking contest run in China along the lines of the well-known Pwn2Own contest in Canada.

According to VMware, the company “has not seen evidence that this has been exploited in the wild”.