The Great Escapes: A Case Study Of VM Escape & EoP Vulnerabilities

We will share with everyone the process from vulnerability discovery to exploitation of the Pwn2Own bugs we discovered in VirtualBox and Ubuntu.
In this presentation, we will first share the fundamentals of VirtualBox and some of its special features, including its kernel, filesystem, virtual devices and so on.
Next, we will demonstrate the attack surfaces in its current implementation and how we uncovered several security vulnerabilities related to virtual machine escape.
In particular, we will anatomize the bugs leveraged in our escape chain, CVE-2021-2321 and CVE-2021-2250, and give an exhaustive explanation of some reliable techniques for manipulating the heap during exploitation, leading to arbitrary code execution in the host context.
We will also give an in-depth analysis of the Ubuntu EoP (CVE-2021-3491)