
Tencent Blade Team finds escape vulnerabilities in Cloud Virtualization platform

Source: 博客园 | Time: 2019/10/10 17:31:23 | Reads: 78

With the rapid development and iterative updating of cloud technology, all industries are

Recently, Tencent Blade Team discovered a serious vulnerability in the mainstream virtualization platform QEMU-KVM during its research on cloud virtualization security. Under certain conditions, an attacker can crash the host from a guest virtual machine, causing a denial of service, or even gain complete control of the host and of the other tenants' virtual machines running on it. This vulnerability is reported to be likely to affect Google, Amazon and other international companies, as well as many well-known domestic vendors.

This is one of the incidents that took place on the cloud

Blade Team reported the vulnerability to the Linux kernel maintainers, and it has been catalogued by the China National Vulnerability Database (CNVD) with a comprehensive rating of

To date, Blade Team has worked with the Tencent Cloud virtualization development team to help the upstream Linux kernel complete testing and repair of the vulnerability, and the community and related vendors have issued security advisories and fixed versions.

One vulnerability to control the whole machine

In the past, most vulnerabilities of this kind existed at the user-space level, whereas the QEMU-KVM vulnerability discovered by Blade Team lies in the kernel of the virtualization host. Not only have few people successfully broken through at this level, but the privilege involved is far greater than in user space: it can paralyze the whole server and even take control of the host kernel, affecting the business of every tenant on that server.

Cradmin, technical director of Blade Team, said that there was a buffer overflow vulnerability in the vhost kernel module of the QEMU-KVM virtualization platform, which could be triggered during live migration of guest virtual machines. Live migration is a common operation that cloud service providers use to work around machine failures or to optimize computing resources, and it may take place every day. An attacker can use this opportunity to carry out a virtual machine escape through the vulnerability, manipulating a guest to crash the host kernel or execute malicious code in the physical machine's kernel, and thereby completely control the host.

Tenants on the cloud each run in a virtual machine that does not affect the others, but once the vulnerability is exploited by hackers, the cloud can be

It is worth noting that each cloud vendor's live migration mechanism is not exactly the same, and the following attack scenario cannot be ruled out: even if the cloud vendor does not actively carry out live migration, a hacker who has purchased a virtual machine on the host could induce a live migration by driving the host into overload, thereby completing

Dark clouds: many well-known vendors at home and abroad may be affected

However, the harm caused by the vulnerability does not stop there.

QEMU-KVM is widely used by cloud vendors as a mainstream virtualization platform. Mainstream vendors at home and abroad use it, including internationally renowned companies such as Google and Amazon as well as many leading domestic vendors.

One can imagine how many companies would be affected, and how many users' information and property would be put at risk, once such a virtual machine kernel escape vulnerability were exploited by hackers.

Blade Team reported the vulnerability to the Linux kernel maintainers after discovering it, and joined the Tencent Cloud virtualization development team to help the kernel community test and fix it. Blade Team also responsibly disclosed the details of the vulnerability in accordance with community norms (disclosure details on the Blade Team website: https://blade.tencent.com/achievements/v-ghost/).

To date, the Linux kernel mainline has merged the security patches submitted by Tencent Cloud into the official release, and distribution vendors (Red Hat, Ubuntu, etc.) have issued security advisories and fixed versions.

The vulnerability has also been catalogued by the China National Vulnerability Database (CNVD, https://www.cnvd.org.cn/webinfo/show/5233), which gives it a comprehensive rating of

Ready for deployment: Blade Team safeguards cloud security

This is another important discovery of Tencent Blade Team on the cloud security journey.

Tencent Blade Team, founded by the Tencent Security Platform Department, is dedicated to security research on frontier Internet technologies. Since its founding, Tencent Blade Team has found more than 100 security vulnerabilities in the products of well-known international vendors such as Google, Apple, Amazon and Microsoft, and has been widely recognized by the Internet industry, vendors and the international security community.

In the age of the industrial Internet,
