VirtualBox SBX Vulnerability

A security researcher has detailed a new zero-day vulnerability in the Oracle VirtualBox virtualisation software.

Threat ID:: CC-2775
Category:: Exploit
Threat Severity:: Low
Threat Vector:
Published:: 8 November 2018 12:00 AM

Report a cyber attack: call 0300 303 5222 or email [email protected]

This content has been archived

This article no longer conforms to NHS Digital's standards for cyber alerts, and may contain outdated or inaccurate information. Use of this information contained in this page is at your own risk

Summary

A security researcher has detailed a new zero-day vulnerability in the Oracle VirtualBox virtualisation software.

Threat details

The researcher claims that a local authenticated attacker could exploit this vulnerability to perform a sandbox escape (SBX) and gain access to the underlying operating system.

The vulnerability appears to lie in how the 82540EM adapter handles the context and data transmit (Tx) descriptors used to contain network packets. Typically, all descriptors are written to a physical memory buffer, with data descriptor packets required to be smaller than the maximum size of a context descriptor packet. If the packets are manipulated so that the data descriptor packets are larger than this size, it can cause a buffer overflow. This results in the affected virtual machine terminating itself and ejecting the user into the primary operating system.

Exploiting this vulnerability would allow an attacker with administrative privileges to escape the virtual machine and gain access to the Ring 3 privilege layer (the least privileged layer, used by most user applications). They would then be free to execute other applications or exploit vulnerabilities to escalate their privileges.

Remediation steps

Type	Step
	Oracle have confirmed that an update is being produced to address this vulnerability. Users and administrators are encouraged to apply this update as soon as it becomes available.

Last edited: 17 February 2020 12:56 pm