Posts Tagged ‘Xen Vulnerabilities’

Vulnerabilities 2014Critical vulnerability in the Xen hypervisor

The critical elevation privilege vulnerability has been corrected in the hypervisor Xen. This gap allows to gain control over the host server. Seven years this problem is present in the Xen code base.

The developers of the Xen hypervisor released nine security patches, eliminating multiple vulnerabilities in the server software. One of the flaws could allow an attacker to gain control over the host server. We are talking about the vulnerability CVE-2015-7835 (XSA-148), by which the paravirtualization guest can manage memory OS of the host and other virtual machines. The problem was discovered by engineers Alibaba, which recently joined the development of Xen. (more…)

Vulnerabilities in Xen

Vulnerabilities in Xen

Vulnerabilities in Xen allowing from a guest environment to get access to a host system

In the components of virtualization based on the Xen hypervisor revealed a series of security vulnerabilities. An integer overflow (CVE-2013-2194) in the parser ELF format, used to load the cores for guest systems can be used for the organization of the code on the host system.

The problem occurs only when the guest system operating mode paravirtulizatsii (PV) has the power to indicate a custom kernel. System in which the use of nuclear specified by the host system, the issue does not occur. (more…)