Xen VM schema

CVE-2015-7835

For seven years, Xen, the virtualization software used by Amazon Web Services and other cloud computing providers has contained a vulnerability that allowed attackers to break out of their virtual machines and access extremely sensitive parts of the host operating system.

Researchers say this is probably the worst bug ever to hit the Xen project, and was finally made public Thursday along with a patch.

This vulnerability was discovered by 栾尚聪 (好风) of Alibaba.

Vulnerable Systems

Xen 3.4 and onward are vulnerable.

Only x86 systems are vulnerable. ARM systems are not vulnerable.

Only PV guests can exploit the vulnerability. Both 32-bit and 64-bit
PV guests can do so.

NO COMMENTS