- qemu
- cxl
- hypervisor
- escape
- exploitarium
news
QEMU CXL Type-3 Mailbox Host Escape PoC
Guest CXL mailbox GET_LOG/SET_FEATURE bugs leak host pointers and forge MemoryRegionOps — host marker `id>/tmp/qemu_cxl_escape_marker` on QEMU 11.0.50.
Summary
A guest booted from a BIOS floppy image on a CXL-enabled q35 machine drives QEMU's Type-3 mailbox handlers with out-of-bounds GET_LOG reads and unchecked SET_FEATURE rank-sparing writes into CXLType3Dev tail memory. Forged MemoryRegionOps callbacks reach libc system() inside the QEMU host process, which runs `id>/tmp/qemu_cxl_escape_marker` and so writes the host marker file. Verified against upstream QEMU commit 30e8a06b, which reports emulator version 11.0.50. This proof-of-concept is one of 30 folders in the Exploitarium collection. OFFSITE.DARK summarizes the upstream README and PoC design; we did not discover or weaponize this flaw.
Key Findings
| Finding | Detail |
|---|---|
| Product / target | QEMU 11.0.50 @ 30e8a06b64aa58a3990ba39cb5d09531e7d265e0 with CXL Type-3 |
| Primitive | GET_LOG offset conflation + rank-sparing memcpy without destination bounds |
| Impact | Guest VM escapes hypervisor boundary to execute host shell command as QEMU process user. |
Attack Chain
Guest stage2 → PCI CXL config → GET_LOG leaks qemu_base/ct3d → SET_FEATURE forges address_space → MEDIA_OPERATIONS → system(marker)
Mitigation
Bound mailbox offset and length arithmetic against the log buffer (rejecting sums that wrap) and bound rank-sparing write destinations against the target table before any copy; treat CXL device emulation as a host-trust boundary, since guest-controlled mailbox input reaches QEMU process memory; restrict CXL Type-3 emulation to trusted workloads until patched.
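To make the two checks above concrete, here is an added example of the defensive pattern, not code from QEMU or from the Exploitarium PoC. It models a toy mailbox device (`ToyMailboxDev`, `get_log`, `set_feature_rank_sparing`, all hypothetical names) with a fixed log buffer, a fixed rank-sparing table and a sentinel "tail" field standing in for the device state that must never be reachable from guest input. It contrasts a sum-based range check that wraps with one that bounds each operand separately, and bounds both the table index and the payload size before the rank-sparing write.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed illustration, not QEMU's code: a toy CXL-style mailbox
 * device with a fixed log buffer and a fixed rank-sparing table.
 * `sensitive_tail` stands in for tail memory (device state, callback
 * pointers) that a guest-controlled write must never reach. */
#define LOG_SIZE      256u
#define SPARE_ENTRIES 8u

typedef struct {
    uint8_t   log[LOG_SIZE];
    uint32_t  spare[SPARE_ENTRIES];
    uintptr_t sensitive_tail;   /* must stay untouched by guest writes */
} ToyMailboxDev;

enum { MBOX_OK = 0, MBOX_ERR_INVALID_INPUT = 1 };

/* The pattern to avoid: offset + length can wrap around, so an offset
 * near UINT64_MAX with a small length passes the comparison even
 * though it indexes far outside the log. Kept only as the contrast. */
static bool log_range_ok_weak(uint64_t offset, uint64_t length)
{
    return offset + length <= LOG_SIZE;
}

/* Hardened: bound each operand against the buffer before combining
 * them, so no addition can overflow and offset alone is also bounded. */
static bool log_range_ok(uint64_t offset, uint64_t length)
{
    if (offset > LOG_SIZE) {
        return false;
    }
    return length <= LOG_SIZE - offset;
}

/* GET_LOG: copy `length` bytes of the log starting at `offset` into the
 * reply buffer `out` (the caller guarantees `out` holds `length` bytes).
 * Guest-supplied offset and length are validated before the memcpy. */
static int get_log(const ToyMailboxDev *d, uint64_t offset, uint64_t length,
                   uint8_t *out)
{
    if (!log_range_ok(offset, length)) {
        return MBOX_ERR_INVALID_INPUT;
    }
    memcpy(out, d->log + offset, (size_t)length);
    return MBOX_OK;
}

/* SET_FEATURE (rank sparing): the guest supplies a table index and a
 * payload. Both the index and the payload size are checked against the
 * destination slot before any byte is written, so the copy can never
 * run past the table into `sensitive_tail`. */
static int set_feature_rank_sparing(ToyMailboxDev *d, uint64_t index,
                                    const void *payload, size_t payload_len)
{
    if (index >= SPARE_ENTRIES || payload_len != sizeof(d->spare[0])) {
        return MBOX_ERR_INVALID_INPUT;
    }
    memcpy(&d->spare[index], payload, payload_len);
    return MBOX_OK;
}

/* Fresh device with a recognisable log pattern and a sentinel in the
 * tail, so any stray write would be visible to a caller. */
static void toy_dev_init(ToyMailboxDev *d)
{
    memset(d, 0, sizeof(*d));
    for (unsigned i = 0; i < LOG_SIZE; i++) {
        d->log[i] = (uint8_t)i;
    }
    d->sensitive_tail = (uintptr_t)0xDEADBEEFu;
}
```

The weak check accepts `offset = UINT64_MAX - 15, length = 32` because the sum wraps to 16; the hardened check rejects it, and also rejects an in-range offset whose length runs past the end. The rank-sparing handler rejects index 8 on an 8-entry table and any payload that is not exactly one entry wide, so the sentinel past the table is never written.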