An issue exists in Xen up to and including 4.10.x allowing x86 HVM guest OS users (in certain configurations) to read arbitrary dom0 files via QMP live insertion of a CDROM, in conjunction with specifying the target file as the backing file of a snapshot.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
xen xen |
||
debian debian linux 9.0 |