OFFSITE.DARK

Jul 1, 2026


Exploitarium

  • qemu
  • cxl
  • hypervisor
  • escape
  • exploitarium

news

QEMU CXL Type-3 Mailbox Host Escape PoC

Guest CXL mailbox GET_LOG/SET_FEATURE bugs leak host pointers and forge MemoryRegionOps — host marker id>/tmp/qemu_cxl_escape_marker on QEMU 11.0.50.

Summary

A BIOS floppy guest on a CXL-enabled q35 machine drives QEMU Type-3 mailbox handlers with out-of-bounds GET_LOG reads and unchecked SET_FEATURE rank-sparing writes into CXLType3Dev tail memory. Forged MemoryRegionOps callbacks reach libc system() inside the QEMU host process, writing id>/tmp/qemu_cxl_escape_marker. Verified against upstream QEMU 30e8a06b reporting emulator version 11.0.50. This proof-of-concept is one of 30 folders in the Exploitarium collection. OFFSITE.DARK summarizes the upstream README and PoC design; we did not discover or weaponize this flaw.

Key Findings

Finding           Detail
Product / target  QEMU 11.0.50 @ 30e8a06b64aa58a3990ba39cb5d09531e7d265e0 with CXL Type-3
Primitive         GET_LOG offset conflation + rank-sparing memcpy without destination bounds
Impact            Guest VM escapes the hypervisor boundary to execute a host shell command as the QEMU process user.

Attack Chain

Guest stage2 → PCI CXL config → GET_LOG leaks qemu_base/ct3d → SET_FEATURE forges address_space → MEDIA_OPERATIONS → system(marker)

Mitigation

Bound mailbox offset arithmetic and rank-sparing write destinations; treat CXL device emulation as a host trust boundary; restrict CXL Type-3 to trusted workloads until patched.
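As an added illustration of the first mitigation above (this is not QEMU's code), the following shows how a mailbox GET_LOG handler can bound the requested (offset, length) window against the backing log before any copy, rejecting both out-of-range and wrapped arithmetic; the request layout, function names and the 8-byte constructed log are assumptions for this example.

```c
/* Added example, not QEMU's implementation: bounded GET_LOG handling for a
 * CXL Type-3 mailbox. Request layout and names are assumptions. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum mbox_status { MBOX_OK = 0, MBOX_INVALID_INPUT = 1 };

/* Constructed GET_LOG request: where in the log to start and how much to copy. */
struct get_log_req {
    uint32_t offset;
    uint32_t length;
};

/* Reject any window that extends past `limit` or whose end would wrap.
 * Checking `offset > limit` first makes `limit - offset` safe, so the
 * comparison never depends on an overflowed sum. The same check applies to
 * write destinations (e.g. rank-sparing data landing in device state). */
static int window_in_bounds(size_t offset, size_t length, size_t limit)
{
    if (offset > limit)
        return 0;
    return length <= limit - offset;
}

/* Copy the requested slice of `log` into `out`. Source read and destination
 * write are bounded independently; on rejection nothing is copied. */
enum mbox_status cxl_get_log(const struct get_log_req *req,
                             const uint8_t *log, size_t log_len,
                             uint8_t *out, size_t out_cap, size_t *copied)
{
    *copied = 0;
    if (!window_in_bounds(req->offset, req->length, log_len))
        return MBOX_INVALID_INPUT;
    if (req->length > out_cap)
        return MBOX_INVALID_INPUT;
    memcpy(out, log + req->offset, req->length);
    *copied = req->length;
    return MBOX_OK;
}

/* Drive cxl_get_log against a constructed 8-byte log. Returns the number of
 * bytes copied, or -1 when the request is rejected. */
int probe_get_log(uint32_t offset, uint32_t length, size_t out_cap)
{
    static const uint8_t log[8] = { 1, 2, 3, 4, 5, 6, 7, 8 }; /* constructed */
    uint8_t out[8];
    size_t copied;
    if (out_cap > sizeof out)
        out_cap = sizeof out;
    struct get_log_req req = { offset, length };
    if (cxl_get_log(&req, log, sizeof log, out, out_cap, &copied) != MBOX_OK)
        return -1;
    return (int)copied;
}
```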
