Threat Level: green Handler on Duty: Richard Porter

SANS ISC: Xen Security Advisory - XSA 108 - SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Xen Security Advisory - XSA 108 -

Xen has issued an advisory and a related patch to address an issue that allows a "buggy or malicious HVM guest to crash the host or read data relating to other guests or the hypervisor itself."

Xen 4.1 and onward are vulnerable, only x86 systems are vulnerable. ARM systems are not vulnerable.

Applying the patch resolves this issue.

Russ McRee

201 Posts
ISC Handler
Oct 1st 2014
This undoubtedly was the reason why Amazon and Rackspace decided to reboot their worlds last week. And why the Softlayer data center in the Pacific Northwest crashed and burned at 3 PM today. We were down for an hour after they applied the patch.
Yes, rackspace notified me earlier today that the Xen issue was the reason for the restart, and apologized for the short notice.

"When we learned of the security issue and realized its significance early last week, our engineers worked with our Xen partners to develop and test a patch, and organize a reboot plan. The patch wasn’t ready until the evening of Friday, Sept. 26. And the technical details of the vulnerability were scheduled to be publicly released on Wednesday, Oct. 1."

They had announced earlier that the reboot was coming for security reasons, but did not specify Xen. They did mention that someone else had:

"Another major cloud provider did attribute its reboot to security problems with Xen, which put all users of the affected versions of that hypervisor at heightened risk."

2 Posts

Sign Up for Free or Log In to start participating in the conversation!