Xen lifts lid on virtual machine security bug


The Xen Project has detailed the critical vulnerability that led AWS and Rackspace to reboot parts of their cloud infrastructure to apply the fix.

The bug prompted the providers to take the unusual step of rebooting customer-hosting servers so that the patched hypervisor could be loaded. The flaw lay in the Xen hypervisor, which is widely used by hosting firms and cloud providers.

In a blog post on the Xen Project Community site, the project said the bug, tracked as XSA-108, could let an attacker inside a guest read memory that belongs to other virtual machines or to the hypervisor itself.

"XSA-108 was caused by a bug in the emulation code used when running HVM guests on x86 processors. The bug allows an attacker with elevated guest OS privileges to crash the host or to read up to three KiB of random memory that might not be assigned to the guest," the post said.

"The memory could contain confidential information if it is assigned to a different guest or the hypervisor."
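The quoted description is of a classic emulation bug class: a handler for guest-visible registers accepts a wider range of register numbers than the buffer backing them, so an out-of-range read returns whatever sits in memory after that buffer, which may belong to another guest or to the hypervisor. The following is an added, deliberately simplified model of that class, written for this page and not taken from Xen's source. The register numbers, page size, per-register width, the size of the "neighbouring" region and the marker bytes in it are all assumptions chosen for illustration; they are not XSA-108's actual values, and the model does not attempt to reproduce the three KiB figure from the quote. It places the buggy handler beside the corrected one, whose accepted range is derived from the size of the backing storage rather than written down independently.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed layout (assumption, not Xen's): one 4 KiB page of emulated
 * registers for the guest, immediately followed by memory that is not the
 * guest's. Laying them out contiguously in one struct keeps the over-read
 * inside a single object, so the demonstration itself is well defined C. */
#define REG_PAGE_SIZE  4096u
#define REG_BYTES      16u                         /* bytes of register space per MSR */
#define MSR_BASE       0x800u                      /* hypothetical first emulated MSR */
#define MSRS_VALID     (REG_PAGE_SIZE / REG_BYTES) /* 256 MSRs actually fit in the page */
#define MSRS_ACCEPTED  1024u                       /* the too-wide count the buggy check uses */

struct host_memory {
    uint8_t reg_page[REG_PAGE_SIZE];
    uint8_t neighbour[(MSRS_ACCEPTED - MSRS_VALID) * REG_BYTES]; /* someone else's data */
};

/* Buggy handler: the range check admits MSRS_ACCEPTED registers, but the
 * page only holds MSRS_VALID of them, so offsets past REG_PAGE_SIZE read
 * beyond the guest's register page. */
static bool msr_read_buggy(const struct host_memory *m, uint32_t msr, uint64_t *val)
{
    if (msr < MSR_BASE || msr >= MSR_BASE + MSRS_ACCEPTED)
        return false;
    size_t off = (size_t)(msr - MSR_BASE) * REG_BYTES;
    memcpy(val, (const uint8_t *)m + off, sizeof *val);   /* may land in neighbour[] */
    return true;
}

/* Fixed handler: the accepted range is computed from the backing buffer, so
 * the check and the storage cannot drift apart. Out-of-range reads are
 * refused; a real hypervisor would inject #GP into the guest here. */
static bool msr_read_fixed(const struct host_memory *m, uint32_t msr, uint64_t *val)
{
    if (msr < MSR_BASE || msr >= MSR_BASE + MSRS_VALID)
        return false;
    size_t off = (size_t)(msr - MSR_BASE) * REG_BYTES;
    memcpy(val, m->reg_page + off, sizeof *val);           /* provably inside reg_page */
    return true;
}

/* Builds a host_memory whose register page is all zero and whose neighbouring
 * region is filled with a constructed marker (0x41 bytes), then performs one
 * read through the chosen handler. Returns whether the read was permitted. */
static bool read_allowed(uint32_t msr, bool fixed, uint64_t *val)
{
    struct host_memory m;
    memset(m.reg_page, 0, sizeof m.reg_page);
    memset(m.neighbour, 0x41, sizeof m.neighbour);
    *val = 0;
    return fixed ? msr_read_fixed(&m, msr, val) : msr_read_buggy(&m, msr, val);
}

/* Convenience wrapper: the value a handler hands back for one MSR, or 0 when
 * the handler refused the access. */
static uint64_t read_value(uint32_t msr, bool fixed)
{
    uint64_t v;
    return read_allowed(msr, fixed, &v) ? v : 0;
}
```

Reading MSR_BASE + 255 succeeds with both handlers and returns the guest's own (zero) register contents; reading MSR_BASE + 256 is refused by the fixed handler but accepted by the buggy one, which returns eight marker bytes from the neighbouring region. The practical lesson is the one in the fix: express the bounds check in terms of the buffer's size (here MSRS_VALID is derived from REG_PAGE_SIZE) instead of a separately maintained constant, so a future change to one cannot silently reopen the gap.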

A patch for the flaw was released under embargo to members of the Xen Project's pre-disclosure list, who agree to keep the details confidential until the public disclosure date, so that attackers could not learn of the bug and use it against cloud infrastructure before it was fixed.

The Xen Project said the smooth rollout showed the value of working privately with cloud providers during the embargo period to head off a damaging incident.

“We believe that the process has been working well, as it did for XSA-108. Several cloud providers updated their servers, something that they decided was necessary in this case to best ensure their users were not put at risk,” the project said. “Most likely smaller vendors have done the same. Product vendors and Linux distributions will make updates available to their users following the embargo date.”

The project said that in light of the flaw, public interest in software security and vulnerabilities would likely continue, if not increase.

“Next week, we will start an open discussion on our mailing lists, to make any necessary adjustments to our security process in light of pressure exerted on vendors as well as community members during the embargo period for XSA-108,” the project said.

Rene Millman

Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives.