Security vulnerabilities and automated fixes for hypervisor security issues
A critical buffer overflow vulnerability was discovered in `machine.virt/system/libs/arch_virt/src/virtio.c`, where four `memcpy` calls used length values sourced directly from guest-controlled virtio queue descriptor rings without validating them against the destination buffer size. An attacker operating a malicious guest VM could supply an oversized length (e.g., `0xFFFFFFFF`) to corrupt adjacent host heap memory, including function pointers and heap metadata. The fix introduces an explicit bo