Archives
-
BlackHat/DEFCON 2011 talk: Breaking out of KVM
I’ve posted the final slides from my talk this year at DEFCON and Black Hat, on breaking out of the KVM Kernel Virtual Machine on Linux. Virtunoid: Breaking out of KVM [Edited 2011-08-11] The code is now available. It should be fairly well-commented, and include links to everything you’ll need to get the exploit up [...]
Aug 8th, 2011 | Filed under Computer Security, Low-level hacking -
Some notes on CVE-2010-3081 exploitability
Most of you reading this blog probably remember CVE-2010-3081. The bug got an awful lot of publicity when it was discovered an announced, due to allowing local privilege escalation against virtually all 64-bit Linux kernels in common use at the time. While investigating CVE-2010-3081, I discovered that several of the commonly-believed facts about the CVE [...]
Nov 30th, 2010 | Filed under linux -
CVE-2007-4573: The Anatomy of a Kernel Exploit
CVE-2007-4573 is two years old at this point, but it remains one of my favorite vulnerabilities. It was a local privilege-escalation vulnerability on all x86_64 kernels prior to v2.6.22.7. It’s very simple to understand with a little bit of background, and the exploit is super-simple, but it’s still more interesting than Yet Another NULL Pointer [...]
Feb 5th, 2010 | Filed under Computer Security