Critical Xen PV guests vulnerabilities

Published: 2016-07-27
Last Updated: 2016-07-27 10:38:14 UTC
by Xavier Mertens (Version: 1)
0 comment(s)

Xen released a patch to fix a critical vulnerability affecting x86 PV[1] guests. A malicious administrator on a vulnerable guest could escalate his privileges to that of the host. All versions of Xen are reported vulnerable but only on x86 hardware. A mitigation is to run only HVM[2] guests but patch as soon as possible. The security advisory is available here (CVE-2016-6258).

A second advisory has been released which affects 32bits PV guests and may cause a crash of the hypervisor resulting in a denial of service for other guests. The security advisory is available here (CVE-2016-6259).

[1] Paravirtualization is an efficient and lightweight virtualization technique introduced by Xen, later adopted also by other virtualization solutions. Paravirtualization doesn't require virtualization extensions from the host CPU. However paravirtualized guests require special kernel that is ported to run natively on Xen, so the guests are aware of the hypervisor and can run efficiently without emulation or virtual emulated hardware. Xen PV guest kernels exist for Linux, NetBSD, FreeBSD, OpenSolaris and Novell Netware operating systems.

[2] Hardware Virtual Machine (full virtualization)

Xavier Mertens (@xme)
ISC Handler - Freelance Security Consultant

0 comment(s)


Diary Archives