FAQ
According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? This vulnerability could lead to the attacker gaining the ability to interact with other tenant’s applications and content.
FAQ
According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability? To successfully exploit this vulnerability, an attacker or the targeted user would need to achieve a high level of control over a machine, as the attack requires access to processes typically restricted from average users. Essentially, the exploitation necessitates elevated privileges on the compromised machine due to the requirement of manipulating processes beyond the reach of standard user permissions.
FAQ
How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by taking advantage of the unchecked return value in the wnv.sys component of Windows Server 2016. By manipulating the content of the Memory Descriptor List (MDL), the attacker could cause unauthorized memory writes or even free a valid block currently in use, leading to a critical guest-to-host escape.
Mitigation
The following mitigating factors might be helpful in your situation: Ensuring that the virtual machine (VM) is running on the VMware hypervisor exclusively, as it needs to be capable of nested virtualization. Disabling Hyper-V and its dependent features (VBS and its components) on the host where the VM will run is also crucial. Renaming the hypervisor binary (C:\Windows\System32\hvix64.exe) to prevent it from loading at boot time can also help mitigate the issue.