tags: lpe, hypervisor, pwn2own, virtualbox, OOB_write

original link: CVE-2024-21115: An Oracle VirtualBox LPE Used To Win Pwn2Own

newsletter link: exploits.club Weekly Newsletter 21

Exploits Club Summary:

ZDI hosted a blog post from Cody Gallagher, in which he discussed the OOB write bug he used to pop VirtualBox in P2O. The core bug stems from an incorrect calculation of a start address, which results in the ability to write outside of a fixed-size buffer. The exploit leverages this bug to disable the critical sections and trigger a race condition. The post does a fantastic job detailing all the specifics, including code, and digging into the VB internals - give it a read!