Passing Shader bytecode from guest to host via 'SVGA3D' Protocol
A Retrospective Case Study of VMware Guest-to-Host Escape Vulnerabilities
- 1 Intro
- 2 Why VMware Patch Analysis?
- 3 VMware Workstation Attack Surfaces
- 4 VM-Tools & VMware RPC
- 5 Guest RPC Mechanism
- 6 VM Backdoor
- 7 RPC Packet Handling in Host
- 8 Sending Custom RPC Packets From Guest to Host
- 9 RPC Bug 1: OOB in Drag and Drop
- 10 Achieving OOB Read
- 11 Achieving OOB Write
- 12 Info. Leak Using OOB Write Over RPC
- 13 Bug 3: Use After Free
- 14 VMware Virtual Printer
- 15 Triggering the Print Preview
- 16 Double Free in EMR_SMALLTEXTOUTW (CVE-2016-7082)
- 17 Patch for CVE-2016-7082
- 18 Embedded EMFSPOOL (CVE-2016-7083)
- 19 Out of Bounds Write Vulnerability in JPEG2000 Decompression (CVE-2016-7084)
- 20 Patch for CVE-2016-7084
- 21 More Fuzzing
- 22 VMware SVGA II Device Architecture
- 23 SVGA FIFO Commands
- 24 History of Security Bugs in FIFO Commands: Cloudburst by Kostya Kortchinsky
- 25 What Are Shaders?
- 26 Life of a Shader
- 27 Shader inside VMware Workstation
- 28 Passing Shader bytecode from guest to host via 'SVGA3D' Protocol
- 29 Shader Bytecode handling in Host
- 30 Vulnerabilities in Virtual GPU
- 31 SVGA Patch 1 (Workstation 12.5.4 - 12.5.5)
- 32 Heap OOB Write
- 33 Demo: SVGA Memory Corruption
- 34 Other SVGA Issues fixed in 12.5.5
- 35 Possible Security Issue fixed in SM1 'op_calli instruction parser in version 12.5.3?
- 36 Black Hat Sound Bytes
- 37 Other Works and Recommended Reads
- 38 Questions?