20.Lock AbstractDigital Circular

Security researcher Jason Donenfeld who is known for leading the development of the WireGuard open-source software has outlined a new security vulnerability affecting the Oracle VM VirtualBox software.

When SIMD registers are used within interrupt handlers, it's possible for VirtualBox to leak data from the host to guest VMs.

Donenfeld explained on the kernel mailing list:

I wrote a tiny reproducer that should be pretty reliable for testing this, attached below. I think this proves my working theory. Run this in a VirtualBox VM, and then move your mouse around or hit the keyboard, or do something that triggers the add_{input,disk}_randomness() path from a hardirq handler. On my laptop, for example, the trackpoint goes via hardirq, but the touchpad does not. As soon as I move the trackpoint around, the below program prints "XSAVE is borked!".

Also, note that this isn't just "corruption" of the guest VM, but also leaking secret contents of the host VM into the guest. So you might really want to make sure VirtualBox issues a fix for this before 5.18, as it's arguably security sensitive.

The link for this article located at Phoronix is no longer available.