
CVE-2025-21333

vsp.sys — Hyper-V Virtual Service Provider heap-based buffer overflow

Exploited in the Wild

Exploited in the wild as a zero-day. Microsoft's January 2025 Patch Tuesday advisory (titled "Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability", CVSS 7.8) flagged it as under active exploitation, and CISA added it to the Known Exploited Vulnerabilities catalog the same day.

Summary

Field | Value
Driver | vsp.sys (Hyper-V Virtual Service Provider)
Vulnerability Class | Heap-based buffer overflow (CWE-122)
Vulnerable Build | 10.0.26100.2605 (Windows 11 24H2, December 2024 update) and earlier
Fixed Build | 10.0.26100.2894 (KB5050009, 14 January 2025)
Exploited ITW | Yes

Affected Functions

  • VspReceivePacket
  • VspProcessChannelMessage
  • VspHandleGpaDirectPacket

Root Cause

The Hyper-V Virtual Service Provider (vsp.sys) handles communication between the host partition and guest virtual machines through VMBus channels. VSP processes requests from Virtual Service Consumers (VSCs) running inside guest VMs, handling operations like storage I/O, networking, and video.

The vulnerability is a heap-based buffer overflow in the packet processing path. When VspReceivePacket processes a VMBus channel message, it reads a size field from the incoming packet header and uses it directly as the length of a copy into a kernel buffer of fixed capacity. Because the declared size is never compared against that capacity, a guest that sends a packet whose header claims more bytes than the buffer holds makes the copy run past the end of the allocation in NonPagedPoolNx and into whatever pool chunk follows it.

This matters because the bug is reachable from inside a Hyper-V virtual machine and corrupts memory in the host kernel: a guest-to-host escape vector that crosses the isolation boundary the hypervisor is meant to enforce. One caveat a practitioner should weigh: Microsoft's advisory scores the attack vector as local and describes the impact as elevation to SYSTEM on the host, so the vendor's own classification is local privilege escalation rather than a confirmed VM escape. The guest-to-host reading here is this page's analysis.

AutoPiff categorizes this as heap buffer overflow via insufficient packet size validation with detection rules:

  • added_len_check_before_memcpy — identifies the new size validation before the memory copy
  • added_buffer_size_validation — detects the bounds check on the VMBus packet size field

Exploitation

The attack originates from within a Hyper-V guest VM. The attacker needs kernel-mode code execution inside the guest, since VMBus channels are driven by guest kernel drivers, and from there sends crafted channel messages to the host's VSP driver. A packet whose declared size exceeds the host-side receive buffer triggers the overflow in the host kernel's NonPagedPoolNx.

The overflow corrupts the allocation adjacent to the vulnerable buffer. Because host-side pool layout is not directly observable from the guest, the attacker first grooms the pool: legitimate VMBus operations that cause host-side allocations of the same size class are used to fill free holes and place a useful object immediately after the buffer the overflow will run into. Corrupting a length or pointer field in that object is what turns a linear overflow into an arbitrary kernel read/write primitive on the host.

With host kernel R/W established, the attacker performs a token swap, that is, overwrites one EPROCESS Token pointer with the Token pointer of a SYSTEM process (typically the System process, PID 4) so that the chosen process runs as SYSTEM on the host. That completes the guest-to-host escape as this page describes it, breaking the isolation the hypervisor is supposed to enforce.

Patch Analysis

The January 2025 update adds proper validation of the packet size field in VspReceivePacket before copying data. The new code compares the incoming packet's declared data size against the pre-allocated buffer capacity and rejects packets that exceed the limit. Additional validation was added in VspProcessChannelMessage to verify message header consistency before dispatching to specific handlers.

AutoPiff detects this change via the added_len_check_before_memcpy rule, which identifies the new comparison instruction that validates the source data length against the destination buffer size prior to the copy operation.
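The following is an added example, not code from this page and not Microsoft's driver: a user-mode model in C of the bug class described under Root Cause and of the check described under Patch Analysis. The packet header layout, the 64-byte receive buffer, the "neighbor" object and all function names are assumptions made for the demo; the real VMBus and VSP structures are not shown here. The receive buffer and its neighbor are laid out contiguously in one allocation, the way two adjacent pool chunks would be, so the overflow is observable without the demo itself misbehaving.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Sizes and layout are assumptions for the demo, not the real VSP/VMBus structures. */
#define PACKET_DATA_CAPACITY 64u   /* fixed host-side receive buffer */
#define NEIGHBOR_SIZE        64u   /* the adjacent "object" we want to watch */
#define NEIGHBOR_CANARY      0xC0FFEE11u

/* Hypothetical packet header as it would arrive from the guest. */
struct vsp_packet_hdr {
    uint16_t type;
    uint16_t flags;
    uint32_t data_len;   /* guest-controlled: length of the payload that follows */
};

enum vsp_status { VSP_OK = 0, VSP_BAD_LENGTH = 1, VSP_SHORT_PACKET = 2 };
typedef enum vsp_status (*vsp_handler)(uint8_t *dst, const uint8_t *pkt, size_t pkt_len);

/* Vulnerable shape: the copy length comes straight from the header. */
enum vsp_status receive_packet_vulnerable(uint8_t *dst, const uint8_t *pkt, size_t pkt_len)
{
    struct vsp_packet_hdr hdr;
    if (pkt_len < sizeof hdr)
        return VSP_SHORT_PACKET;
    memcpy(&hdr, pkt, sizeof hdr);
    memcpy(dst, pkt + sizeof hdr, hdr.data_len);   /* no bound on data_len: overflows dst */
    return VSP_OK;
}

/* Patched shape: bound the declared length by the destination capacity and by
 * the bytes actually received, and do both before touching the destination. */
enum vsp_status receive_packet_fixed(uint8_t *dst, const uint8_t *pkt, size_t pkt_len)
{
    struct vsp_packet_hdr hdr;
    if (pkt_len < sizeof hdr)
        return VSP_SHORT_PACKET;
    memcpy(&hdr, pkt, sizeof hdr);
    if (hdr.data_len > PACKET_DATA_CAPACITY)        /* the check the January patch adds */
        return VSP_BAD_LENGTH;
    if (hdr.data_len > pkt_len - sizeof hdr)        /* declared size vs. bytes present */
        return VSP_SHORT_PACKET;
    memcpy(dst, pkt + sizeof hdr, hdr.data_len);
    return VSP_OK;
}

/* Constructed packet: header claims claimed_len bytes and really carries that many 'A's. */
uint8_t *build_packet(uint32_t claimed_len, size_t *out_len)
{
    struct vsp_packet_hdr hdr = { .type = 1, .flags = 0, .data_len = claimed_len };
    size_t total = sizeof hdr + claimed_len;
    uint8_t *pkt = malloc(total);
    memcpy(pkt, &hdr, sizeof hdr);
    memset(pkt + sizeof hdr, 'A', claimed_len);
    *out_len = total;
    return pkt;
}

struct probe_result {
    enum vsp_status status;
    uint32_t neighbor_first_dword;   /* NEIGHBOR_CANARY if the neighbor survived */
};

/* Lays out [receive buffer][neighbor] contiguously, runs the handler on a packet
 * of the given claimed size, and reads the neighbor back. claimed_len must stay
 * <= PACKET_DATA_CAPACITY + NEIGHBOR_SIZE so the demo's own arena bounds the copy. */
struct probe_result probe(vsp_handler handler, uint32_t claimed_len)
{
    struct probe_result r = { VSP_OK, 0 };
    uint32_t canary = NEIGHBOR_CANARY;
    uint8_t *arena = calloc(1, PACKET_DATA_CAPACITY + NEIGHBOR_SIZE);
    size_t len;
    uint8_t *pkt = build_packet(claimed_len, &len);

    memcpy(arena + PACKET_DATA_CAPACITY, &canary, sizeof canary);
    r.status = handler(arena, pkt, len);
    memcpy(&r.neighbor_first_dword, arena + PACKET_DATA_CAPACITY, sizeof canary);

    free(pkt);
    free(arena);
    return r;
}

/* Header claims 32 payload bytes, but only 24 of them were delivered. */
enum vsp_status fixed_on_truncated_packet(void)
{
    uint8_t dst[PACKET_DATA_CAPACITY];
    size_t len;
    uint8_t *pkt = build_packet(32, &len);
    enum vsp_status st = receive_packet_fixed(dst, pkt, len - 8);
    free(pkt);
    return st;
}

int main(void)
{
    struct probe_result v = probe(receive_packet_vulnerable, 96);
    struct probe_result f = probe(receive_packet_fixed, 96);
    printf("vulnerable: status=%d neighbor=0x%08x\n", v.status, v.neighbor_first_dword);
    printf("fixed:      status=%d neighbor=0x%08x\n", f.status, f.neighbor_first_dword);
    printf("truncated:  status=%d\n", fixed_on_truncated_packet());
    return 0;
}
```

With a 96-byte claimed payload the vulnerable handler reports success while the neighbor's first dword has become 0x41414141; the fixed handler rejects the same packet before any copy and the canary is untouched. The second check in the fixed path (declared length against bytes actually received) is the companion bound a reviewer would ask for, since a capacity check alone still lets a short packet cause an over-read of whatever sits after it in the ring.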

Detection

YARA Rule

rule CVE_2025_21333_VSP {
    meta:
        description = "Detects vulnerable version of vsp.sys (pre-patch)"
        cve = "CVE-2025-21333"
        author = "KernelSight"
        severity = "high"
    strings:
        // VERSIONINFO strings are UTF-16, so "wide" is what actually matches;
        // "ascii" is kept in case the name also appears as a narrow string.
        // Note that "vsp.sys" is a substring of other Hyper-V driver names too.
        $driver_name = "vsp.sys" wide ascii nocase
        $internal_name = "InternalName" wide
        // Matches only the last unpatched build listed above. Earlier affected
        // builds need their own version strings (or a pe.version_info comparison).
        $vuln_version = "10.0.26100.2605" wide ascii
        // Internal function names (VspReceivePacket, VspProcessChannelMessage,
        // VspHandleGpaDirectPacket) are not present as strings in a stripped
        // release driver, and a declared-but-unreferenced string is a YARA
        // compile error, so they are deliberately not declared here.
    condition:
        // uint16(0) == 0x5A4D is the usual MZ check (same as { 4D 5A } at 0)
        uint16(0) == 0x5A4D and $driver_name and $internal_name and $vuln_version
}

ETW Indicators

Provider | Event / Signal | Relevance
Microsoft-Windows-Hyper-V-Worker | VMBus channel message events | Abnormal VMBus packet sizes sent from a guest to the host VSP
Microsoft-Windows-Hyper-V-VmSwitch | Virtual switch packet processing | Anomalous network-VSP traffic patterns during exploitation
Microsoft-Windows-Kernel-Process | Process start events on the host | Processes that appear with a SYSTEM token their creator did not hold, the footprint of a token swap
Microsoft-Windows-Security-Auditing | Event 4688 (process creation) | Unexpected SYSTEM-level process spawns on the Hyper-V host following VMBus activity
Microsoft-Windows-Kernel-Audit | Token modification on host | Privilege escalation from the vmwp.exe worker-process context to SYSTEM

None of these providers emits a dedicated event for this vulnerability, and Windows has no built-in ETW event for an in-memory EPROCESS token swap: the token rows depend on an EDR kernel callback or a periodic comparison of process tokens, not on a logged event. Treat the table as correlation points to join with VMBus activity from a specific guest, not as signatures.

Behavioral Indicators

  • A Hyper-V guest VM sending VMBus channel messages with packet size fields exceeding the pre-allocated host-side buffer capacity, triggering heap overflow in VspReceivePacket on the host kernel
  • Anomalous NonPagedPoolNx allocation churn on the Hyper-V host coinciding with VMBus channel activity from a specific guest, indicating pool spray via legitimate VMBus operations
  • Pool corruption on the host correlated with VMBus traffic spikes from a particular guest. Failed or unstable attempts surface as host bugchecks rather than as log events, most often BAD_POOL_HEADER (0x19), BAD_POOL_CALLER (0xC2) or DRIVER_CORRUPTED_EXPOOL (0xC5); a Hyper-V host that begins crashing with these codes shortly after a specific VM becomes active deserves a look
  • Unexpected SYSTEM-privilege process creation on the host originating from a VM worker process context, indicating successful guest-to-host escape
  • Guest VM performing rapid open/close cycles on VMBus channels to multiple VSP endpoints (storage, networking) as part of pool grooming before triggering the overflow
