Opened 16 months ago
#21942 new defect
Installer makes Windows crash with DRIVER_OVERRAN_STACK_BUFFER (BSOD)
Reported by: | realityexists | Owned by: | |
---|---|---|---|
Component: | installer | Version: | VirtualBox-6.1.48 |
Keywords: | | Cc: | realityexists |
Guest type: | other | Host type: | Windows |
Description
I currently have VirtualBox 6.1.42 installed on Windows 7 x64. I ran the installer for 6.1.48 to upgrade it (VirtualBox-6.1.48-159471-Win.exe). Right after the installer's elevation prompt Windows bluescreened with DRIVER_OVERRAN_STACK_BUFFER.
After rebooting I tried again with the same result.
A memory dump was saved and WinDbg shows the following info from it:
```
0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_OVERRAN_STACK_BUFFER (f7)
A driver has overrun a stack-based buffer.  This overrun could potentially
allow a malicious user to gain control of this machine.
DESCRIPTION
A driver overran a stack-based buffer (or local variable) in a way that would
have overwritten the function's return address and jumped back to an arbitrary
address when the function returned.  This is the classic "buffer overrun"
hacking attack and the system has been brought down to prevent a malicious user
from gaining complete control of it.
Do a kb to get a stack backtrace -- the last routine on the stack before the
buffer overrun handlers and bugcheck call is the one that overran its local
variable(s).
Arguments:
Arg1: d2de0ac497ff009b, Actual security check cookie from the stack
Arg2: 0000f88000cdd163, Expected security check cookie
Arg3: ffff077fff322e9c, Complement of the expected security check cookie
Arg4: 0000000000000000, zero

Debugging Details:
------------------

DEFAULT_BUCKET_ID:  GS_FALSE_POSITIVE_MISSING_GSFRAME

SECURITY_COOKIE:  Expected 0000f88000cdd163 found d2de0ac497ff009b

BUGCHECK_STR:  0xF7

PROCESS_NAME:  msiexec.exe

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from fffff88000ce2f36 to fffff800038fbcc0

STACK_TEXT:
fffff880`24339598 fffff880`00ce2f36 : 00000000`000000f7 d2de0ac4`97ff009b 0000f880`00cdd163 ffff077f`ff322e9c : nt!KeBugCheckEx
fffff880`243395a0 fffff880`00ce3119 : 00000000`80000000 00000000`00001000 00000000`00000000 fffff880`24339778 : CI!_report_gsfailure+0x26
fffff880`243395e0 fffff800`03ba5fb0 : fffffa80`1a69ddf0 00000000`000fffff fffffa80`1a62b850 00000000`00000001 : CI!CiValidateImageHeader+0x17d
fffff880`243396d0 fffff800`03cdca53 : 00000000`00000000 00000000`01000000 fffffa80`1a69ddf0 00000000`00000000 : nt!SeValidateImageHeader+0x58
fffff880`24339710 fffff800`03d1f69d : fffffa80`1a62b850 fffffa80`1a69ddf0 00000000`00000002 fffffa80`00000001 : nt!MiValidateImageHeader+0x233
fffff880`243397e0 fffff800`03b57ec9 : fffff880`24339a40 00000000`00000010 00000000`00000000 fffff880`00000001 : nt!MmCreateSection+0x92d
fffff880`243399f0 fffff800`0390b243 : fffffa80`1a7f2b50 00000000`09deee78 fffff880`24339a88 00000000`09def000 : nt!NtCreateSection+0x171
fffff880`24339a70 00000000`77218f6a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`09deee58 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x77218f6a

STACK_COMMAND:  kb

FOLLOWUP_IP:
CI!_report_gsfailure+26
fffff880`00ce2f36 cc              int     3

SYMBOL_STACK_INDEX:  1

SYMBOL_NAME:  CI!_report_gsfailure+26

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: CI

IMAGE_NAME:  CI.dll

DEBUG_FLR_IMAGE_TIMESTAMP:  6530a8dc

FAILURE_BUCKET_ID:  X64_0xF7_MISSING_GSFRAME_CI!_report_gsfailure+26

BUCKET_ID:  X64_0xF7_MISSING_GSFRAME_CI!_report_gsfailure+26

Followup: MachineOwner
---------
```
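A triage helper for this kind of 0xF7 report, added here as an example and not part of the ticket or of VirtualBox: it checks that Arg3 really is the complement of Arg2 and picks out the routine directly below the GS failure handler, which is the frame the bugcheck text says to inspect. The names `triage_f7` and `SAMPLE` are hypothetical, and the sample abbreviates the per-frame argument columns.

```python
import re

MASK64 = (1 << 64) - 1
ARG_RE = re.compile(r"^Arg([1-4]):\s*([0-9a-fA-F]{16})\b", re.M)
# A kb line: Child-SP, RetAddr, the argument columns, then the symbol last.
FRAME_RE = re.compile(r"^[0-9a-f`]{17} [0-9a-f`]{17} : .* : (\S+)$", re.M)

# Constructed sample: lines taken from the dump in this ticket, with the four
# argument columns of each frame abbreviated to "..." to keep it short.
SAMPLE = """\
Arg1: d2de0ac497ff009b, Actual security check cookie from the stack
Arg2: 0000f88000cdd163, Expected security check cookie
Arg3: ffff077fff322e9c, Complement of the expected security check cookie
Arg4: 0000000000000000, zero
DEFAULT_BUCKET_ID:  GS_FALSE_POSITIVE_MISSING_GSFRAME
STACK_TEXT:
fffff880`24339598 fffff880`00ce2f36 : ... : nt!KeBugCheckEx
fffff880`243395a0 fffff880`00ce3119 : ... : CI!_report_gsfailure+0x26
fffff880`243395e0 fffff800`03ba5fb0 : ... : CI!CiValidateImageHeader+0x17d
fffff880`243396d0 fffff800`03cdca53 : ... : nt!SeValidateImageHeader+0x58
"""

def triage_f7(text):
    """Summarise a DRIVER_OVERRAN_STACK_BUFFER (0xF7) !analyze -v report."""
    args = {int(n): int(v, 16) for n, v in ARG_RE.findall(text)}
    if not {1, 2, 3} <= set(args):
        raise ValueError("Arg1..Arg3 not found in report")
    frames = FRAME_RE.findall(text)
    gs = next((i for i, f in enumerate(frames) if "_report_gsfailure" in f), None)
    # Per the bugcheck text: the routine just below the GS failure handler.
    suspect = frames[gs + 1] if gs is not None and gs + 1 < len(frames) else None
    return {
        "cookie_mismatch": args[1] != args[2],
        # A report whose Arg3 is not ~Arg2 is itself damaged or mis-copied.
        "complement_ok": args[3] == (~args[2] & MASK64),
        "suspect_frame": suspect,
        "suspect_module": suspect.split("!")[0] if suspect and "!" in suspect else None,
        # WinDbg's own bucket hint; report it rather than interpret it.
        "bucket_says_false_positive": "GS_FALSE_POSITIVE" in text,
    }

if __name__ == "__main__":
    for key, value in triage_f7(SAMPLE).items():
        print(f"{key}: {value}")
```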