FreeBSD -- bhyve privilege escalation via VMCS access
AMD and Intel CPUs support hardware virtualization using specialized data
structures that control various aspects of guest operation. These are the
Virtual Machine Control Structure (VMCS) on Intel CPUs, and the Virtual
Machine Control Block (VMCB) on AMD CPUs. Insufficient access controls allow
root users, including those running in a jail, to change these data
An attacker with host root access (including to a jailed bhyve instance) can
use this vulnerability to achieve kernel code execution.
Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright