Pwn2own: Escaping VMware Workstation

(synacktiv.com)

27 points | by alphax314 a day ago

3 comments

  • rkagerer 10 hours ago

    One point I'm confused on: The demo was on a Windows 11 host, but they start by talking about a Linux Paravirtualized SCSI driver that gathers data "provided by the guest's driver".

    Is that PVSCSI driver one that runs on the guest OS (e.g. as part of VMware Tools) and talks to other drivers (like OS ones for disks and CD-ROMs) that likewise run in the guest OS?

    Or are they just using that Linux driver source code for reference, to help them identify a vulnerability that exists in all platforms?

    The VMSA for reference: https://support.broadcom.com/web/ecx/support-content-notific...

    Finally, it doesn't mention versions of Workstation prior to 17 or ESX[i] 7, which I think were released in Oct/Nov 2022, around 5 months after the Broadcom acquisition was announced though before the deal was finalized. Are prior versions immune from the heap overflow bug, or did they just not bother to evaluate out-of-support versions? I'm curious if this was a bug that slipped in after any employee impacts (morale, firings/layoffs, apathy, etc) following news of the sale, or if the flawed code was present for decades.

    • rustyhancock 7 hours ago

      If I understand it correctly, that driver code is for reference; they exploit the host side's handling of what that Linux PVSCSI driver produces.

  • metadat 18 hours ago

    That is a wild series of exploits. Impressive.