This is a technical writeup describing a double fetch vulnerability (CVE-2018-2844) in VirtualBox's Video Acceleration feature on Linux hosts. It explains the exploitation method involving VRAM manipulation and provides references to external PoC code.
Classification
Writeup 90%
Attack Type
Rce
Complexity
Complex
Reliability
Theoretical
Target:Oracle VirtualBox 5.2.6.r120293
No auth needed
Prerequisites:Linux host with VirtualBox installed · Guest VM with vboxvideo driver blacklisted