In late October the Xen Project, which maintains the very popular Xen Project virtualization software (defined), released a series of security advisories resolving 9 security issues (covering 8 CVEs (defined)) in its software. The most serious of these (described in this advisory) has been present in the software for the last 7 years (but went undetected during that time).
Why Should These Issues Be Considered Important?
The most serious issue, which affects version 3.4 onwards of the Xen Project, concerns how a guest server (a server that exists only in software rather than as a physical device, allowing multiple servers to run on a single physical server) accesses the memory of the physical server on which it runs. The code that validates access to the page table (see pages 10 and 11 of this PDF for a definition of the level 2 table specific to this vulnerability; this slide deck explains the more general concept) could be bypassed under certain conditions, meaning that a guest server under the control of an attacker or malware could have escalated its privileges to take complete control of the physical server.
The remaining 8 security issues could also severely impact your server infrastructure, since they are denial of service issues (defined).
How Can I Protect Myself From These Issues?
While mitigations are available for the majority of these issues, it is recommended that you apply the necessary security updates if you use the Xen Project virtualization software within your organization.
The main Xen security advisories page is located here. Links to the appropriate advisories with steps to install the necessary updates are provided below:
- arm: Host crash when preempting a multicall
- arm: various unimplemented hypercalls log without rate limiting
- arm: Race between domain destruction and memory allocation decrease
- x86: Uncontrolled creation of large page mappings by PV guests
- leak of main per-domain vcpu pointer array
- x86: Long latency populate-on-demand operation is not preemptible
- x86: leak of per-domain profiling-related vcpu pointer array
- x86: some pmu and profiling hypercalls log without rate limiting
- x86: populate-on-demand balloon size inaccuracy can crash guests
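Two of the advisories above (the arm and x86 "hypercalls log without rate limiting" issues) describe the same denial-of-service pattern: each unimplemented or unexpected hypercall produces a hypervisor log line, so a guest issuing them in a tight loop dictates the host's log volume. The C code below is an added illustration of the defensive pattern, not Xen's own code: a guest-triggerable log path with no limiting beside the same path placed behind a token-bucket rate limiter. All names (`struct log_ratelimit`, `ratelimit_allow`, `flood_limited`, and so on) are hypothetical, and timestamps are passed in by the caller rather than read from a clock so that the behaviour is deterministic.

```c
/* Illustrative token-bucket log rate limiter (added example, not Xen code). */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* At most `burst` messages may be emitted at once; the bucket refills at
 * `rate` messages per second of caller-supplied monotonic time. */
struct log_ratelimit {
    double   tokens;     /* messages currently permitted */
    double   burst;      /* bucket capacity */
    double   rate;       /* refill rate in messages per second */
    double   last;       /* time of the last refill, in seconds */
    uint64_t suppressed; /* messages dropped so far */
};

void ratelimit_init(struct log_ratelimit *rl, double rate, double burst, double now)
{
    rl->tokens = burst;
    rl->burst = burst;
    rl->rate = rate;
    rl->last = now;
    rl->suppressed = 0;
}

/* Returns true if one message may be emitted at time `now`. */
bool ratelimit_allow(struct log_ratelimit *rl, double now)
{
    double elapsed = now - rl->last;
    if (elapsed > 0) {
        rl->tokens += elapsed * rl->rate;
        if (rl->tokens > rl->burst)
            rl->tokens = rl->burst;
        rl->last = now;
    }
    if (rl->tokens >= 1.0) {
        rl->tokens -= 1.0;
        return true;
    }
    rl->suppressed++;
    return false;
}

/* Unlimited variant: every guest-triggered event becomes a log line, so the
 * guest controls how much the hypervisor writes. Returns lines emitted. */
unsigned long flood_unlimited(unsigned long nr_calls)
{
    unsigned long emitted = 0;
    for (unsigned long i = 0; i < nr_calls; i++)
        emitted++; /* a printk-style call would go here */
    return emitted;
}

struct flood_result {
    unsigned long emitted;
    unsigned long suppressed;
};

/* Rate-limited variant: the same guest behaviour (nr_calls events spaced dt
 * seconds apart) now yields bounded output. A well-behaved guest that logs
 * slower than `rate` is never throttled. */
struct flood_result flood_limited(unsigned long nr_calls, double dt, double rate, double burst)
{
    struct log_ratelimit rl;
    struct flood_result r = { 0, 0 };
    ratelimit_init(&rl, rate, burst, 0.0);
    for (unsigned long i = 0; i < nr_calls; i++) {
        if (ratelimit_allow(&rl, i * dt))
            r.emitted++;
    }
    r.suppressed = (unsigned long)rl.suppressed;
    return r;
}

int main(void)
{
    /* Constructed scenario: 100 events in one second vs. 1/s rate, burst 5. */
    struct flood_result r = flood_limited(100, 0.01, 1.0, 5.0);
    printf("unlimited: %lu lines\n", flood_unlimited(100));
    printf("limited:   %lu lines emitted, %lu suppressed\n", r.emitted, r.suppressed);
    return 0;
}
```

The limiter is deliberately keyed on a caller-supplied time so it can be unit-tested; in a real hypervisor the time source would be the platform's monotonic clock, and the suppressed counter would be reported periodically so operators can still see that a guest is misbehaving without the log itself becoming the denial-of-service vector.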