Posts Tagged ‘CVE-2013-2194’

Vulnerabilities in Xen

Vulnerabilities in Xen

Vulnerabilities in Xen allowing from a guest environment to get access to a host system

In the components of virtualization based on the Xen hypervisor revealed a series of security vulnerabilities. An integer overflow (CVE-2013-2194) in the parser ELF format, used to load the cores for guest systems can be used for the organization of the code on the host system.

The problem occurs only when the guest system operating mode paravirtulizatsii (PV) has the power to indicate a custom kernel. System in which the use of nuclear specified by the host system, the issue does not occur. (more…)