Category

Virtualization

Security vulnerabilities and automated fixes for virtualization issues

3 posts found

critical7 min

Guest-Controlled Buffer Overflow in virtio.c: How Four Unsafe memcpy Calls Threatened Host Memory

A critical buffer overflow vulnerability was discovered in `machine.virt/system/libs/arch_virt/src/virtio.c`, where four `memcpy` calls used length values sourced directly from guest-controlled virtio queue descriptor rings without validating them against the destination buffer size. An attacker operating a malicious guest VM could supply an oversized length (e.g., `0xFFFFFFFF`) to corrupt adjacent host heap memory, including function pointers and heap metadata. The fix introduces an explicit bo

#buffer-overflow#virtio#virtualization+4 more
O
orbisai0security
Jun 1, 2026
medium9 min

DMA Bounds Overflow: How a Missing Validation Nearly Opened a Host Memory Escape

A medium-severity vulnerability in `src/ddma.c` allowed a malicious guest OS to program DMA controllers with unconstrained transfer sizes and addresses, potentially enabling guest-to-host memory access in an emulated environment. The fix introduces strict bounds validation to ensure all DMA transfers stay within allocated memory regions, closing a dangerous path to host memory disclosure and corruption.

#security#emulation#dma+4 more
O
orbisai0security
May 24, 2026
critical8 min

Critical MMU Bounds Bypass: How a Missing Validation Exposes Host Memory

A critical out-of-bounds memory read vulnerability was discovered and patched in a RISC-V emulator's MMU address translation logic, where insufficient bounds validation in `mmu_ifetch` allowed malicious guest programs to read arbitrary host process memory. This class of vulnerability represents one of the most dangerous bugs in virtualization and emulation software, as it breaks the fundamental isolation boundary between guest and host. The fix reinforces address validation before any memory acc

#security#memory-safety#emulation+4 more
O
orbisai0security
May 21, 2026