DigiNews

Tech Watch by Johan Denoyer

← Back to articles

From virtio-snd 0-Day to Hypervisor Escape: Exploiting QEMU with an Uncontrolled Heap Overflow

Quality: 9/10 Relevance: 9/10

Summary

A security-focused write-up from OtterSec describing multiple memory safety bugs in QEMU's virtio-snd path that enable a guest-to-host escape. It covers three core bugs, heap grooming using the glibc allocator, a heap-spray technique via virtio-9p, and an exploit chain that leads to arbitrary read/write and host code execution, including a GOT leak and a final RIP control.

🚀 Service construit par Johan Denoyer