Yuhao Jiang
/ former ctfer @ Vidar-Team
/ Security Researcher @ Ant Group Light-Year Security Lab
/ VMware Fusion VM Escape at GeekPwn 2022
/ Best Privilege Escalation at Pwnie Awards 2023
/ VMware ESXI VM Escape Tianfu Cup 2023
/ danisjiang [at] gmail [dot] com
BlackHat Asia & CanSecWest 2023: URB Excalibur: The New VMware All-Platform VM Escapes
BlackHat USA 2025: Dark Corners: How a Failed Patch Left VMware ESXi VM Escapes Open for Two Years
CVE List:
VMware: CVE-2022-31705, CVE-2024-22252
VirtualBox: CVE-2025-21571, CVE-2026-21981, CVE-2026-46768, CVE-2026-46815, CVE-2026-46816, CVE-2026-46825, CVE-2026-46877
Linux: CVE-2025-40004, CVE-2025-40211, CVE-2025-71075, CVE-2025-68344, CVE-2025-68346, CVE-2025-68753, CVE-2025-68347, CVE-2025-71101, CVE-2025-68799, CVE-2026-23158, CVE-2026-23180, CVE-2026-31395, CVE-2026-23206, CVE-2026-31464, CVE-2026-31649, CVE-2026-31766, CVE-2026-31603, CVE-2026-43205, CVE-2026-45994, CVE-2026-45999, CVE-2026-46022, CVE-2026-46023, CVE-2026-46064, CVE-2026-46070, CVE-2026-46078, CVE-2026-46161
LangChain: CVE-2024-27444
llama_index: CVE-2024-3271
llama.cpp: CVE-2024-32878
libavif: CVE-2025-48174, CVE-2025-48175