Candlelites

Everything from Everywhere

Xen Updates Hypervisor for Guest Breakout Vulnerability


The open-source Xen hypervisor is widely used to help enable public cloud operations. Back in October 2014, a vulnerability in Xen led to a reboot of public cloud services at Amazon, Rackspace and IBM SoftLayer. This week a new vulnerability was disclosed in Xen, with the potential to enable a guest virtual machine to break out of the hypervisor isolation. But in contrast to the issue in 2014, the new XSA-212 vulnerability did not require a reboot of the public cloud.

The promise of guest virtual machine isolation is a core element of virtualization hypervisor security. The new XSA-212 vulnerability, also known as CVE-2017-7228, is titled by the open-source project "broken check in memory_exchange() permits PV guest breakout." The flaw was reported to the project by Google Project Zero security researcher Jann Horn.

"A malicious or buggy 64-bit PV guest may be able to access all of system memory, allowing for all of privilege escalation, host crashes, and information leaks," the Xen advisory warns.

PV refers to paravirtualization and is a different form of virtualization than hardware virtualization, also referred to as HVM. With PV, a host operating system is able to make use of virtualization without needing specific hypervisor extensions on the server's CPU.

As it turns out, the vulnerability does not impact HVM guests, restricting the impact only to x86 64-bit PV guests. Additionally, the Xen advisory notes that the vulnerability can be avoided if the gue...