(CVE-2021-2321) Oracle VirtualBox E1000 BSS Out-Of-Bounds Read
CVE: CVE-2021-2321

Tested Versions: Oracle VirtualBox 6.1.18 revision r142142

Product URL(s): https://www.virtualbox.org/

Description of the vulnerability

When the e1000 driver sends data to the e1000 device, it sends it frame by frame. There are context frames and data frames; usually one context frame is followed by one or more data frames. We can prepare a transfer by setting the TDH (Transfer Head), TDBAL (first 32 bit physical address of frames) and TDBAH (last 32 bit physical address of frame) registers. We can then make the device perform the transfer by writing the TDT (Transfer Tail) register, which calls e1kXmitPending to do the transfer....
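The head/tail ring and the context/data distinction described above, shown as an added example from the emulator author's side: it validates the guest-written indices before walking the ring and classifies each pending descriptor. This is not VirtualBox source and does not model the flaw itself. The function names are hypothetical, and the TDLEN register, the 16-byte descriptor size and the DEXT/DTYP bit positions are taken from Intel's 8254x documentation rather than from this page.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical emulator-side model; not VirtualBox source. */
#define TXD_SIZE 16u                       /* each TX descriptor is 16 bytes */
#define TXD_DEXT (1u << 29)                /* set: extended descriptor       */
#define TXD_DTYP(w) (((w) >> 20) & 0xFu)   /* 0 = context, 1 = data          */

enum tx_kind { TX_LEGACY, TX_CONTEXT, TX_DATA, TX_UNKNOWN };

static uint32_t rd32le(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Sample-data helper: store the command dword (bytes 8..11) of descriptor idx. */
void tx_put(uint8_t *ring, uint32_t idx, uint32_t w) {
    uint8_t *p = ring + (size_t)idx * TXD_SIZE + 8;
    p[0] = (uint8_t)w;         p[1] = (uint8_t)(w >> 8);
    p[2] = (uint8_t)(w >> 16); p[3] = (uint8_t)(w >> 24);
}

enum tx_kind tx_classify(const uint8_t *desc) {
    uint32_t w = rd32le(desc + 8);
    if (!(w & TXD_DEXT)) return TX_LEGACY;
    if (TXD_DTYP(w) == 0) return TX_CONTEXT;
    if (TXD_DTYP(w) == 1) return TX_DATA;
    return TX_UNKNOWN;
}

/* Classify pending descriptors [tdh, tdt) with wrap-around.
 * Returns the count, or -1 when the guest-controlled values are inconsistent. */
int tx_walk(const uint8_t *ring, uint32_t tdlen, uint32_t tdh, uint32_t tdt,
            enum tx_kind *out, size_t cap) {
    uint32_t n = tdlen / TXD_SIZE;          /* ring size in descriptors */
    if (n == 0 || tdlen % 128u || tdh >= n || tdt >= n) return -1;
    size_t k = 0;
    for (uint32_t i = tdh; i != tdt; i = (i + 1) % n) {
        if (k == cap) return -1;            /* never write past out[] */
        out[k++] = tx_classify(ring + (size_t)i * TXD_SIZE);
    }
    return (int)k;
}

int main(void) {
    uint8_t ring[128] = {0};                /* constructed 8-entry ring */
    enum tx_kind out[8];
    tx_put(ring, 6, TXD_DEXT);              /* context */
    tx_put(ring, 7, TXD_DEXT | 1u << 20);   /* data */
    tx_put(ring, 0, TXD_DEXT | 1u << 20);   /* data, after wrap */
    printf("%d\n", tx_walk(ring, sizeof ring, 6, 1, out, 8));
    return 0;
}
```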