People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!
Compromising virtualization without attacking the hypervisor - 356
In the world of virtualization there are two types of hypervisor: type 1 and type 2. A type 1 hypervisor runs on bare metal (no OS sits between the hardware and the hypervisor), so it essentially IS the OS. Examples of type 1 are Xen, VMware ESXi and Hyper-V. A type 2 hypervisor runs on top of a host OS; examples are VirtualBox, VMware Workstation and others. A good picture showing the difference can be found here.
The vulnerability in this post discusses an issue found in the Type 1 hypervisor Xen.
The bug discovered was a NULL pointer dereference in an IRQ handler on the path from the guest into the Xen host. An IRQ is the mechanism by which device events are delivered to and handled by the hypervisor. The bug is triggered when an interrupt arrives for an IRQ to be handled AND that IRQ has just been freed.
At a minimum, triggering this bug results in a DoS by taking down the hypervisor. At worst, the freed IRQ slot could be REUSED by another IRQ allocation. If that allocation comes from a different physical device, the slot would now hold an entirely different structure, and dispatching the stale interrupt into it could lead to a complete compromise of the hypervisor.
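To make the free-then-interrupt window concrete, here is an added toy model of an IRQ descriptor table in C. It is constructed for this write-up and is not Xen's code: the descriptor struct, the table, the `irq_alloc`/`irq_free`/`irq_dispatch` names and the `DISPATCH_*` result codes are all assumptions. The vulnerable shape from the post (fetch the slot pointer and call through it with no lock and no NULL check) appears only in a comment; the code shows the hardened dispatch, which takes the table lock, treats an empty slot as "no descriptor" instead of dereferencing it, and uses a per-slot generation tag so an interrupt belonging to a freed IRQ is rejected even after the slot has been re-allocated to a different device.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

#define NR_IRQS 8

/* Constructed toy descriptor; field names are assumptions, not Xen's struct. */
struct irq_desc {
    unsigned int gen;                    /* allocation generation of this slot */
    int device_id;                       /* owning device (constructed value)  */
    int (*handler)(struct irq_desc *);
    int invocations;
};

enum dispatch_result {
    DISPATCH_OK = 0,
    DISPATCH_NO_DESC = -1,   /* slot is empty: interrupt arrived after free    */
    DISPATCH_STALE = -2      /* slot was re-allocated since this source's alloc */
};

static struct irq_desc *irq_table[NR_IRQS];
static unsigned int slot_gen[NR_IRQS];
static atomic_flag irq_lock = ATOMIC_FLAG_INIT;   /* spinlock guarding the table */

static void table_lock(void)   { while (atomic_flag_test_and_set(&irq_lock)) { } }
static void table_unlock(void) { atomic_flag_clear(&irq_lock); }

static int demo_handler(struct irq_desc *d)
{
    d->invocations++;
    return DISPATCH_OK;
}

/* Install a descriptor for device_id in slot irq; returns the generation tag
 * that the interrupt source must present when it fires. */
unsigned int irq_alloc(int irq, int device_id)
{
    struct irq_desc *d = calloc(1, sizeof *d);
    if (!d)
        abort();
    table_lock();
    d->gen = ++slot_gen[irq];
    d->device_id = device_id;
    d->handler = demo_handler;
    irq_table[irq] = d;
    table_unlock();
    return d->gen;
}

/* Tear down: unlink under the lock first and free only afterwards, so a
 * concurrent dispatch sees either the live descriptor or an empty slot,
 * never a dangling pointer. */
void irq_free(int irq)
{
    table_lock();
    struct irq_desc *d = irq_table[irq];
    irq_table[irq] = NULL;
    table_unlock();
    free(d);
}

/* Hardened dispatch. The unsafe shape the post describes is
 *     irq_table[irq]->handler(irq_table[irq]);
 * with no lock and no NULL check: an interrupt landing just after irq_free()
 * dereferences NULL, and one landing after the slot has been re-allocated
 * runs the new owner's handler on behalf of the old source. */
int irq_dispatch(int irq, unsigned int expected_gen)
{
    int rc;
    if (irq < 0 || irq >= NR_IRQS)
        return DISPATCH_NO_DESC;
    table_lock();
    struct irq_desc *d = irq_table[irq];
    if (!d)
        rc = DISPATCH_NO_DESC;
    else if (d->gen != expected_gen)
        rc = DISPATCH_STALE;
    else
        rc = d->handler(d);   /* toy: run under the lock; real code would pin a reference */
    table_unlock();
    return rc;
}

/* How many times the handler in slot irq has run; -1 if the slot is empty. */
int irq_invocations(int irq)
{
    table_lock();
    int n = irq_table[irq] ? irq_table[irq]->invocations : -1;
    table_unlock();
    return n;
}

int main(void)
{
    unsigned int g1 = irq_alloc(3, 0x10);
    printf("live:  %d\n", irq_dispatch(3, g1));   /* 0  */
    irq_free(3);
    printf("freed: %d\n", irq_dispatch(3, g1));   /* -1 */
    unsigned int g2 = irq_alloc(3, 0x20);
    printf("stale: %d\n", irq_dispatch(3, g1));   /* -2 */
    printf("new:   %d\n", irq_dispatch(3, g2));   /* 0  */
    irq_free(3);
    return 0;
}
```

The two defensive points are separable: clearing the slot under the lock before calling `free()` closes the NULL/dangling window the post's DoS relies on, and the generation tag closes the reuse case, where the same slot number now belongs to a different device and a late interrupt would otherwise be dispatched into the wrong structure.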