Hunting and Exploiting Recursive MMIO Flaws in QEMU KVM

Explore the security implications of recursive MMIO flaws in QEMU KVM hypervisors in this 22-minute Black Hat conference talk. Delve into the potential vulnerabilities that arise when MMIO VM-exit handlers are recursively called during DMA transfers, potentially compromising virtual device state machines or crashing the hypervisor. Gain insights into this understudied attack surface as the speakers analyze root causes, common consequences, and exploitability of recursive MMIO issues. Learn from the security research conducted on QEMU/KVM, a widely-used hypervisor in cloud computing environments, and understand the critical nature of these security concerns.