Xen Security Advisory - XSA 108 - http://xenbits.xen.org/xsa/advisory-108.html
Xen has issued an advisory and a related patch to address an issue that allows a "buggy or malicious HVM guest to crash the host or read data relating to other guests or the hypervisor itself."
Xen 4.1 and onward are vulnerable, only x86 systems are vulnerable. ARM systems are not vulnerable.
Applying the patch resolves this issue.
Keywords: xen
2 comment(s)
×
Diary Archives
Comments
Anonymous
Oct 2nd 2014
1 decade ago
"When we learned of the security issue and realized its significance early last week, our engineers worked with our Xen partners to develop and test a patch, and organize a reboot plan. The patch wasn’t ready until the evening of Friday, Sept. 26. And the technical details of the vulnerability were scheduled to be publicly released on Wednesday, Oct. 1."
They had announced earlier that the reboot was coming for security reasons, but did not specify Xen. They did mention that someone else had:
"Another major cloud provider did attribute its reboot to security problems with Xen, which put all users of the affected versions of that hypervisor at heightened risk."
Anonymous
Oct 2nd 2014
1 decade ago