Understanding The Xen XSA-108 Security Issue
Many Phoronix readers have likely heard of Amazon Web Services, Rackspace, and other hosting providers rebooting their clouds in recent days as a result of a Xen security issue. If you're not yet familiar with this XSA-108 security issue, our friends at Xen Orchestra have a nice write-up covering the issue.
The XSA-108 issue could allow anyone with administrator access to a Xen HVM/PVHVM guest to crash the host or read portions of the host system's memory, either from another guest or from the hypervisor itself. Like OpenSSL's Heartbleed bug, only a small amount of memory could be read at a time (up to 3KB), but the read could be repeated multiple times.
Xen stakeholders wishing to learn more about the XSA-108 security issue, now that it's no longer embargoed, can head on over to the Xen Orchestra blog for their good write-up on the matter.