Advisories

V-gHost : QEMU-KVM VM Escape in vhost/vhost-net

By Blade Team

September 17, 2019

V-gHost is a QEMU-KVM VM escape vulnerability that exists in vhost/vhost-net host linux kernel module. V-gHost is a Linux kernel buffer overflow bug in host kernel module, attackers can trigger this bug from VM with priviledge account of the VM during the VM migration. vhost/vhost-net is a virtio network backend module which is implemented as a Linux kernel module. This vulnerability was discovered by Tencent Blade Team. Q & A (1) Am I affected by the vulnerability?

QualPwn - Exploiting Qualcomm WLAN and Modem Over The Air

By Blade Team

August 1, 2019

QualPwn is a series of vulnerabilities discovered in Qualcomm chips. One of the vulnerabilities allows attackers to compromise the WLAN and Modem over-the-air. The other allows attackers to compromise the Android Kernel from the WLAN chip. The full exploit chain allows attackers to compromise the Android Kernel over-the-air in some circumstance. These vulnerabilities were discovered by Tencent Blade Team. We will share what we found about QualPwn in(BlackHat USA 2019 )and (DEFCON 27 ).

Magellan - SQLite Remote Code Execution Vulnerability

By Blade Team

January 1, 2019

Magellan is a number of vulnerabilities that exist in SQLite. These vulnerabilities were discovered by Tencent Blade Team and verified to be able to successfully implement remote code execution in Chromium browsers. As a well-known database, SQLite is widely used in all modern mainstream operating systems and software, so this vulnerability has a wide range of influence. SQLite and Google had confirmed and fixed this vulnerability. We will not disclose any details of the vulnerability at this time, and we are pushing other vendors to fix this vulnerability as soon as possible.

Columbus - Multiple TensorFlow Security Vulnerabilities

By Blade Team

January 1, 2018

Columbus is the first vulnerability found in Google’s AI Framwork TensorFlow. This vulnerability allows a malicious TensorFlow model file executes arbitrary code on TensorFlow user’s computer. It’s common case for TensorFlow users to download and use a pretrained model. If a TensorFlow user uses a malicious model file, the user’s computer could be controlled or private data is stole.Columbus works on personal computers, mobile devices, and in the cloud.

Vulnerability List & Acknowledgement Information

Tencent Blade Team focuses on the research of cutting-edge security attack and defense technology in the field of cyberspace. In the process of research, we may find security vulnerabilities in some vendors, open source software or devices. We will report the security vulnerabilities to the relevant vendors or developers as soon as possible, and actively assist them to fix these security vulnerabilities. To date, we have reported to Apple, Amazon, Google, Microsoft, Adobe and many other companies and helped fix more than 200 security vulnerabilities.