Headline
CVE-2024-30092: Windows Hyper-V Remote Code Execution Vulnerability
Under what circumstances might this vulnerability be exploited other than as a denial of service attack against a Hyper-V host?
This issue allows a guest VM to force the Hyper-V host’s kernel to read from an arbitrary, potentially invalid address. The contents of the address read would not be returned to the guest VM. In most circumstances, this would result in a denial of service of the Hyper-V host (bugcheck) due to reading an unmapped address. It is possible to read from a memory mapped device register corresponding to a hardware device attached to the Hyper-V host which may trigger additional, hardware device specific side effects that could compromise the Hyper-V host’s security.