Virtio ring descriptors, and the data they describe are in a region of memory accessible by from both the virtual machine and the host. vhost_crypto.c frequently accesses the descriptors directly in the shared memory region. This is not safe. An attacker in the VM can change the contents of the memory after vhost_crypto has validated it. vhost_crypto.c needs to avoid processing data directly in the shared memory region. This can be exploited in the same way as finding number 1 to gain remote code execution and virtual machine escape. CREATE(Triage):(User=admin) [CVE-2020-14375|https://nvd.nist.gov/vuln/detail/CVE-2020-14375]
