Buffer overflow in Xen 4.7.x and previous versions allows local x86 HVM guest OS administrators on guests running with shadow paging to cause a denial of service via a pagetable update.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
xen xen |
Triple whammy of bugs in popular open-source platform
Analysis The Xen project has today patched four security bugs in its open-source hypervisor – three potentially allowing guest virtual machines to take over their host servers. The other programming cockup allows a guest to crash the underlying machine. This is not great news for cloud providers or anyone else running untrusted VMs on their hardware and relying on Xen, because the three holes can be exploited by malicious guests to escape their confines and attack other virtual machines or the...