CVE-2021-22040
Critical
ESXi

VMware ESXi Heap Buffer Overflow in PVSCSI Driver

Wei Zhang

Summary

A heap buffer overflow vulnerability in the VMware ESXi PVSCSI driver allows a guest virtual machine to execute code on the ESXi host.

Description

VMware ESXi contains a heap buffer overflow vulnerability in the Paravirtual SCSI (PVSCSI) driver that allows a guest virtual machine to execute code on the ESXi host. An attacker with administrative privileges inside a virtual machine can exploit it to escape from that virtual machine to the hypervisor.

The vulnerability exists in the way the PVSCSI driver handles certain SCSI commands from guest virtual machines. A specially crafted series of SCSI commands can trigger a heap buffer overflow condition, potentially allowing arbitrary code execution on the ESXi host with root privileges.

This vulnerability is particularly severe as it allows for virtual machine escape, which breaks the fundamental security boundary between virtual machines and the hypervisor.

Affected Products

  • ESXi 7.0 before ESXi70U2c-18426014
  • ESXi 6.7 before ESXi670-202102401-SG
  • ESXi 6.5 before ESXi650-202102101-SG

CVSS Score

8.8
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

About the Author

Wei Zhang

Security Researcher

Wei specializes in virtualization security and has discovered multiple vulnerabilities in hypervisors.