Saturday, October 04, 2014

XEN bug crashes Amazon and Rackspace clouds

There was substantial speculation about XSA-108 among bloggers, tweeters, and reporters 

In other words, a vulnerability appears to have been found that, rather risk having hackers take advantage of by announcing, has been embargoed until it is fixed.
The vulnerability is due to insufficient bounds checking on the Model-Specific Register (MSR) range while emulating read and write accesses for use by the Advanced Programmable Interrupt Controller (APIC) an affected system. An authenticated, adjacent attacker on a guest operating system could exploit this vulnerability to cause the host operating system to crash, resulting in a DoS condition. An attacker could also use this vulnerability to gain access to sensitive information from the host operating system or other guest operating systems that could be leveraged to conduct further attacks.
XSA-108 was caused by a bug in the emulation code used when running HVM guests on x86 processors. The bug allows an attacker with elevated guest OS privileges to crash the host or to read up to 3 KiB of random memory that might not be assigned to the guest. The memory could contain confidential information if it is assigned to a different guest or the hypervisor. The vulnerability does not apply to PV guests.

Comments: Post a Comment

<< Home

This page is powered by Blogger. Isn't yours?