Xen lifts lid on virtual machine security bug
Flaw in hypervisor could have had serious cloud repercussions


The Xen Project has detailed the critical vulnerability that led to AWS and Rackspace shutting down their cloud services to fix the threat.
The bug prompted the cloud providers to make the unusual move of rebooting servers in order to protect customers. The flaw affected the Xen hypervisor, widely used by hosting firms and cloud providers.
In a blog post on the Xen Project Community, it said the bug, called XSA-108, could allow hackers to read sensitive information from a virtual machine.
"XSA-108 was caused by a bug in the emulation code used when running HVM guests on x86 processors. The bug allows an attacker with elevated guest OS privileges to crash the host or to read up to three KiB of random memory that might not be assigned to the guest," the advisory stated.
"The memory could contain confidential information if it is assigned to a different guest or the hypervisor."
A patch to fix the flaw was released quietly to customers who promised to sign an NDA in order to prevent hackers from becoming aware of the flaw and using this knowledge to mount an attack on their cloud infrastructure.
The Xen Project hailed the successful patching as testament to working privately with cloud providers to avert catastrophe.
Get the ITPro daily newsletter
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
“We believe that the process has been working well, as it did for XSA-108. Several cloud providers updated their servers, something that they decided was necessary in this case to best ensure their users were not put at risk,” the project said. “Most likely smaller vendors have done the same. Product vendors and Linux distributions will make updates available to their users following the embargo date.”
The project said that in light of the flaw, public interest in software security and vulnerabilities would likely continue, if not increase.
“Next week, we will start an open discussion on our mailing lists, to make any necessary adjustments to our security process in light of pressure exerted on vendors as well as community members during the embargo period for XSA-108,” the project said.
Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.
-
Why are many men in tech blind to the gender divide?
In-depth From bias to better recognition, male allies in tech must challenge the status quo to advance gender equality
By Keri Allan
-
BenQ PD3226G monitor review
Reviews This 32-inch monitor aims to provide the best of all possible worlds – 4K resolution, 144Hz refresh rate and pro-class color accuracy – and it mostly succeeds
By Sasha Muller