#Role: Windows Hyper-V

**Why is Attack Complexity marked as High for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.

**What is meant by scope change for this particular vulnerability?** In this case, a successful attack could be performed from a low privilege Hyper-V guest. The attacker could traverse the guest's security boundary to execute code on the Hyper-V host execution environment.

**What configurations or versions could be at risk from this vulnerability?** This bypass could affect any Hyper-V configurations that are using Router Guard. **What is the exposure if the vulnerability was bypassed?** Certain packets that would normally be blocked or dropped could be processed. This could allow an attacker to bypass set policy, potentially influencing router paths.

**What configurations or versions could be at risk from this vulnerability?** This bypass could affect any Hyper-V configurations that are using Router Guard. **What is the exposure if the vulnerability was bypassed?** Certain packets that would normally be blocked or dropped could be processed. This could allow an attacker to bypass set policy, potentially influencing router paths.

**How could an attacker exploit this vulnerability?** An authenticated attacker could run a specially crafted application on a vulnerable Hyper-V guest to exploit this vulnerability. **What privileges could an attacker gain?** An attacker who successfully exploited this vulnerability could potentially interact with processes of another Hyper-V guest hosted on the same Hyper-V host.

*What are the vulnerable configurations of Hyper-V?* Installations of Hyper-V with GRE (Generic Routing Encapsulation) enabled.

*How could an attacker exploit this vulnerability?* For successful exploitation, this vulnerability could allow a malicious guest VM to read kernel memory in the host. To trigger this vulnerability the guest VM requires a memory allocation error to first occur on the guest VM. This bug could be used for a VM escape from guest to host.