Security vulnerabilities and automated fixes for virtualization issues
2 posts found
A medium-severity vulnerability in `src/ddma.c` allowed a malicious guest OS to program DMA controllers with unconstrained transfer sizes and addresses, potentially enabling guest-to-host memory access in an emulated environment. The fix introduces strict bounds validation to ensure all DMA transfers stay within allocated memory regions, closing a dangerous path to host memory disclosure and corruption.
A critical out-of-bounds memory read vulnerability was discovered and patched in a RISC-V emulator's MMU address translation logic, where insufficient bounds validation in `mmu_ifetch` allowed malicious guest programs to read arbitrary host process memory. This class of vulnerability is among the most dangerous in virtualization and emulation software, because it breaks the fundamental isolation boundary between guest and host. The fix reinforces address validation before any memory acc