███▄ ▄███▓▓█████ ▒██ ██▒ ██▓▓█████ ███▄ █ ▓█████▄▄▄█████▓
▓██▒▀█▀ ██▒▓█ ▀ ▒▒ █ █ ▒░▓██▒▓█ ▀ ██ ▀█ █ ▓█ ▀▓ ██▒ ▓▒
▓██ ▓██░▒███ ░░ █ ░▒██▒▒███ ▓██ ▀█ ██▒▒███ ▒ ▓██░ ▒░
▒██ ▒██ ▒▓█ ▄ ░ █ █ ▒ ░██░▒▓█ ▄ ▓██▒ ▐▌██▒▒▓█ ▄░ ▓██▓ ░
▒██▒ ░██▒░▒████▒▒██▒ ▒██▒░██░░▒████▒ ██▓ ▒██░ ▓██░░▒████▒ ▒██▒ ░
░ ▒░ ░ ░░░ ▒░ ░▒▒ ░ ░▓ ░░▓ ░░ ▒░ ░ ▒▓▒ ░ ▒░ ▒ ▒ ░░ ▒░ ░ ▒ ░░
░ ░ ░ ░ ░ ░░░ ░▒ ░ ▒ ░ ░ ░ ░ ░▒ ░ ░░ ░ ▒░ ░ ░ ░ ░
░ ░ ░ ░ ░ ▒ ░ ░ ░ ░ ░ ░ ░ ░
░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░
░
Link to Project Zero Tracker Link
This seems to be a bad week for virtualization. First vmware gets escaped from during pwn2own Link to day 3 and now Project Zero finds a QEMU bug that allows unprivileged users in a VM to insert code into privileged processes, allowing for unprivileged VM takeover.