BitVisor VirtIO Network Device Emulation Divide-By-Zero Vulnerability Leading to Host Hypervisor Crash
Vulnerability
A divide-by-zero vulnerability has been identified in the VirtIO network device emulation of BitVisor. This issue, present from commit 108df6 (May 20, 2020) to commit 480907 (July 6, 2025), allows local attackers to cause a denial-of-service condition by crafting specific PCI configuration space accesses. The vulnerability arises because the emulation does not properly validate queue sizes, enabling a guest driver to set a queue size of zero, which then leads to a crash of the host hypervisor.
Impact
Exploitation of this vulnerability causes a crash of the host hypervisor, disrupting all running virtual machines.
Reproduction
To reproduce this vulnerability, a local attacker must access the PCI configuration space of a para-virtualized VirtIO network device in BitVisor. The attacker can then manipulate the queue size settings to create a divide-by-zero condition in the network device emulation, specifically in the 'do_net_ctrl' function, which processes network control commands. This unhandled division by zero triggers a crash of the host hypervisor.
Remediation
Users can update to the BitVisor commit de8488, which addresses this vulnerability by adding proper queue size validation before processing PCI configuration space accesses.
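The following C example models the bug class described above (a guest-controlled virtqueue size reaching an integer division without validation) next to the kind of check the remediation describes. It is added illustration written for this page, not code from BitVisor: the structure, the function names vq_set_size, ring_index_unchecked, ring_index_checked, size_accepted and checked_index, and the VQ_MAX_SIZE constant are assumptions; the 32768 limit and power-of-two requirement are the VirtIO specification's rules for split virtqueues, not anything stated on this page.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model of a virtqueue as tracked by device emulation.
 * Added illustration only; field names and layout are assumptions. */
#define VQ_MAX_SIZE 32768u /* VirtIO spec maximum queue size for split virtqueues */

struct vq_state {
    uint16_t size;      /* descriptor count; writable by the guest via config space */
    uint16_t last_used; /* emulation's running position in the ring */
};

/* Vulnerable pattern: the ring position is reduced modulo the queue size with
 * no check that the guest left size non-zero. With size == 0 this is an
 * integer division by zero; on x86 that raises #DE, and a hypervisor with no
 * handler for it takes the whole host down, which is the failure mode the
 * advisory describes. This function is kept only to show the shape of the
 * bug; it is never called with size == 0 below. */
static uint16_t ring_index_unchecked(const struct vq_state *q, uint16_t idx)
{
    return idx % q->size;
}

/* Hardened: validate at the point where the guest writes the size, so an
 * invalid value never reaches the data path. Returns false and leaves the
 * previous size untouched when the request is rejected. */
static bool vq_set_size(struct vq_state *q, uint16_t requested)
{
    if (requested == 0 || requested > VQ_MAX_SIZE)
        return false;
    /* Split virtqueues require a power-of-two size; anything else is a
     * malformed request and is refused rather than silently rounded. */
    if (requested & (requested - 1))
        return false;
    q->size = requested;
    return true;
}

/* Defence in depth: the data path also refuses to divide by an invalid size
 * and reports failure to the caller instead of trapping. */
static bool ring_index_checked(const struct vq_state *q, uint16_t idx, uint16_t *out)
{
    if (q->size == 0)
        return false;
    *out = idx % q->size;
    return true;
}

/* Helpers with plain return values so the behaviour can be checked directly. */
static bool size_accepted(uint16_t requested)
{
    struct vq_state q = { 0, 0 };
    return vq_set_size(&q, requested);
}

/* Models a queue whose size was stored without validation; returns the ring
 * index, or -1 if the checked path refused to divide. */
static int checked_index(uint16_t stored_size, uint16_t idx)
{
    struct vq_state q = { stored_size, 0 };
    uint16_t out = 0;
    if (!ring_index_checked(&q, idx, &out))
        return -1;
    return (int)out;
}

int main(void)
{
    struct vq_state q = { 0, 0 };
    uint16_t out;

    printf("set size 0: %s\n", vq_set_size(&q, 0) ? "accepted" : "rejected");
    printf("index with size 0: %s\n",
           ring_index_checked(&q, 5, &out) ? "computed" : "refused");
    printf("set size 256: %s\n", vq_set_size(&q, 256) ? "accepted" : "rejected");
    if (ring_index_checked(&q, 300, &out))
        printf("index 300 in ring of 256 -> %u (unchecked path agrees: %u)\n",
               out, ring_index_unchecked(&q, 300));
    printf("set size 100: %s\n", vq_set_size(&q, 100) ? "accepted" : "rejected");
    return 0;
}
```

The important design point is where the check lives: validating once at the configuration-space write, as the fix described above does, keeps a zero size from ever being stored, while the guard in the data path covers any other route by which the field could end up invalid. A hypervisor that logs rejected size writes also gains a cheap detection signal, since a well-behaved guest driver has no reason to request a zero-length queue.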
