670572 – e1k driver can be used to escape from guest and execute code in host's ring3. 0-day

Bug 670572 - e1k driver can be used to escape from guest and execute code in host's ring3. 0-day

Summary: e1k driver can be used to escape from guest and execute code in host's ring3....

Status:	RESOLVED OBSOLETE

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal critical (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2018-11-07 10:29 UTC by n05ph3r42
Modified:	2019-03-24 03:11 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description n05ph3r42 2018-11-07 10:29:57 UTC

Explanation & PoC (ru): https://habr.com/post/429004/
video: https://player.vimeo.com/video/299325088?byline=0&badge=0

vulnerable
<= VirtualBox 5.2.20 using e1000 NAT
also all systems using e1k with NAT should be vulnerable too (KVM etc)