Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Critical Xen PV guests vulnerabilities SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Critical Xen PV guests vulnerabilities

Xen released a patch to fix a critical vulnerability affecting x86 PV[1] guests. A malicious administrator on a vulnerable guest could escalate his privileges to that of the host. All versions of Xen are reported vulnerable but only on x86 hardware. A mitigation is to run only HVM[2] guests but patch as soon as possible. The security advisory is available here (CVE-2016-6258).

A second advisory has been released which affects 32bits PV guests and may cause a crash of the hypervisor resulting in a denial of service for other guests. The security advisory is available here (CVE-2016-6259).

[1] Paravirtualization is an efficient and lightweight virtualization technique introduced by Xen, later adopted also by other virtualization solutions. Paravirtualization doesn't require virtualization extensions from the host CPU. However paravirtualized guests require special kernel that is ported to run natively on Xen, so the guests are aware of the hypervisor and can run efficiently without emulation or virtual emulated hardware. Xen PV guest kernels exist for Linux, NetBSD, FreeBSD, OpenSolaris and Novell Netware operating systems.

[2] Hardware Virtual Machine (full virtualization)

Xavier Mertens (@xme)
ISC Handler - Freelance Security Consultant

I will be teaching next: Reverse-Engineering Malware: Malware Analysis Tools and Techniques - SANS Threat Hunting London 2022


649 Posts
ISC Handler
Jul 27th 2016

Sign Up for Free or Log In to start participating in the conversation!