bird.makeup

I wanted to end last year with a vm escape, took me a bit longer but I want to present you my latest public research: A VM escape in Oracle VirtualBox using only one integer overflow bug! This was fixed in April 15 and assigned CVE-2025-30712. https://github.com/google/security-research/security/advisories/GHSA-qx2m-rcpc-v43v
See Tweet

Service load: 111 hours to fetch all users
Source Code Support us on Patreon