Virtualization Vulnerabilities

VM escape happens when an attacker with access to a virtual machine breaks out of this isolated environment and gains access to the host system or other VMs running on the same host.

could allow an attacker to gain control of all virtual machines running on a single physical server

Example

Cloudburst vulnerability in VMware’s virtual machine display function.

officially designated as CVE-2009-1244

discovered in 2009 in VMware’s ESX Server

vulnerability in the virtual machine display function allowed a guest operating system to execute code on the host operating system

Resource reuse

VMs are frequently created, used, and then deleted
If the resources are not properly sanitized between each use
- sensitive data could be leaked between virtual machines
mitigate by:
- Thorough data sanitization practices
- ensuring data encryption throughout the lifecycle
- implementing robust encryption key management
- cloud provider security features and best practices

adam's notes

Virtualization Vulnerabilities

Graph View

Backlinks