#555: VirtualBox VM Escape: Integer Overflow Explained Clearly

In this episode, David Bombal sits down with vulnerability researcher Vladimir Tokarev (with Dawid on the interview) to show what AI-assisted vulnerability research looks like when it actually works. Vladimir walks through two real vulnerability case studies and uses them to explain a practical workflow for finding bugs faster with LLMs, without pretending the AI is “fully autonomous.” Demo 1: Gemini CLI command injection Vladimir demonstrates a command injection issue in Gemini CLI tied to the IDE / VS Code extension install flow. He shows how a malicious VSIX file name or path can be crafted so that when the install command is executed, the system ends up running an attacker-controlled command (the demo uses a harmless calculator launch to prove execution). The conversation then breaks down what a VSIX is, what the realistic attack paths are (user tricked into installing a malicious extension or placing it in the right directory), and why this class of bug matters for endpoints running local AI agents. Demo 2: VirtualBox integer overflow and VM escape class impact Next, Vladimir switches to a VirtualBox vulnerability involving an integer overflow that can lead to out-of-bounds read/write in the host process. Because of architecture constraints, he shows the exploit behavior via a recorded clip, then explains the bug using source code. The key teaching moment is the mismatch between 32-bit arithmetic used in bounds checking and 64-bit pointer arithmetic used during the actual memory move, creating a pathway to bypass checks and copy memory outside the intended buffer. Vladimir also explains why having both read and write primitives is powerful for exploitation, and how modern mitigations make “blind” exploitation unrealistic without memory disclosure. How the bugs were found with AI Vladimir then explains the workflow he uses in real engagements: • Run static analysis to generate leads at scale • Use an LLM to triage and filter out noise • Validate the remaining findings by tracing code paths and checking exploitability • Use AI again to accelerate setup, debugging, reverse engineering, and iteration He shares a key insight: the win is not “AI finds everything for you,” it is that AI helps you spend your time on the hardest parts—validation, exploit logic, and decision-making—instead of drowning in thousands (or millions) of findings. Why there is no fully autonomous vuln-research agent yet Finally, Vladimir lays out four practical blockers: 1. Depth reasoning (long multi-step exploit chains) 2. Context limits (missing system-level constraints and assumptions) 3. Learning from failure (repeating bad leads) 4. Exploration (poor goal-driven search without strong reinforcement learning) // Vladimir Tokarev’s SOCIAL // X: https://x.com/G1ND1L4 LinkedIn: / vladimir-eliezer-tokarev // Dawid van Straaten’s SOCIAL // LinkedIn: / dawid-van-straaten-31a3742b X: https://x.com/nullaxiom?s=21 // David's SOCIAL // Discord: discord.com/invite/usKSyzb Twitter: www.twitter.com/davidbombal Instagram: www.instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: www.facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal YouTube: / @davidbombal Spotify: open.spotify.com/show/3f6k6gE... SoundCloud: / davidbombal Apple Podcast: podcasts.apple.com/us/podcast... Disclaimer: This video is for educational purposes only.