CISUC

Technical Information on Vulnerabilities of Hypercall Handlers

Authors

Abstract

SPEC Research Group - IDS Benchmarking Working Group, Standard Performance Evaluation Corporation (SPEC)
http://research.spec.org/working-groups/ids-benchmarking-working-group.html

Modern virtualized service infrastructures expose attack vectors that enable attacks of high severity, such as attacks targeting hypervisors. A malicious user of a guest VM (virtual machine) may execute an attack against the underlying hypervisor via hypercalls, which are software traps from a kernel of a fully or partially paravirtualized guest VM to the hypervisor. The exploitation of a vulnerability of a hypercall handler may have severe consequences such as altering hypervisor’s memory, which may result in the execution of malicious code with hypervisor privilege. Despite the importance of vulnerabilities of hypercall handlers, there is not much publicly available information on them. This significantly hinders advances towards securing hypercall interfaces. In this work, we provide in-depth technical information on publicly disclosed vulnerabilities of hypercall handlers. Our vulnerability analysis is based on reverse engineering the released patches fixing the considered vulnerabilities. For each analyzed vulnerability, we provide background information essential for understanding the vulnerability, and information on the vulnerable hypercall handler and the error causing the vulnerability. We also show how the vulnerability can be triggered and discuss the state of the targeted hypervisor after the vulnerability has been triggered.


Find the report here.

Keywords

Security and Privacy, Systems security, Operating systems security, Virtualization and security

Subject

IDS Benchmarking

TechReport Number

SPEC-RG-2014-001 v.1.0

Cited by

No citations found