Bug Hunting in VMware Device Virtualization - Security Vulnerabilities and Attack Surfaces

Explore a groundbreaking security presentation that reveals a previously unexplored attack surface in VMware's Device Virtualization within VMKernel. Discover eight newly identified vulnerabilities, including three CVE-assigned issues and five VMware-confirmed security flaws, some of which were successfully exploited in the Tianfu Cup. Learn about the intricate loading process of vmm, data sharing mechanisms between vmm and vmx, and VMware's UserRPC communication system between the Hypervisor and Host. Examine security vulnerabilities across the USB system, including the host controller, VUsb middleware, and VUsb backend devices. Compare and contrast SCSI-related device emulation in virtual disk systems between VMware Workstation and ESXi, while understanding critical design flaws in VMKernel's disk device emulation implementation.