
Hypervisor threats

Attacks against hypervisors are growing in popularity. In fact, a vulnerability that allows a virtual machine to escape to the hypervisor has been documented in a certain number of virtualized 64-bit operating systems. In addition, a limited number of Intel CPUs are vulnerable to a local privilege-escalation attack. The attack essentially gives the virtual machine access to a ring of the kernel on the hypervisor host. While this did affect several hypervisor platforms, it did not affect the VMware ESX platform.

VMware continues to innovate in the area of isolating components of the virtual landscape with various products, including Network Virtualization Platform (NSX). NSX is designed with the Software-Defined Data Center (SDDC) approach in mind. The goal is to achieve true isolation in a multitenant cloud model. Increased isolation and controls will help to minimize hypervisor threats.

The following is an example of a guest VM affecting the host at the workstation level, not at the server level. The vulnerability listed in the National Vulnerability Database (http://nvd.nist.gov) is as follows:

Note

National Cyber Awareness System

Vulnerability summary for CVE-2007-4496

Original release date: 09/21/2007

Last revised: 03/08/2011

Source: US-CERT/NIST

Overview

Unspecified vulnerability in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows authenticated users with administrative privileges on a guest operating system to corrupt memory and possibly execute arbitrary code on the host operating system via unspecified vectors.

Impact

CVSS severity (Version 2.0)

CVSS v2 base score: 6.5 (medium) (AV:A/AC:H/Au:S/C:C/I:C/A:C)

Impact subscore: 10.0

Exploitability subscore: 2.5

CVSS Version 2 metrics:

Access vector: Local network exploitable

Access complexity: High

Authentication: Required to exploit

Impact type: This provides administrator access; allows complete confidentiality, integrity, and availability violation; allows unauthorized disclosure of information; and allows disruption of service

In this case, a user with administrative privileges in the guest operating system was able to execute code against the host. Keep in mind that this was not just any host; this was VMware Workstation, which is a different type of hypervisor.
