Xen Patches 'Worst'-Ever Virtual Machine Escape Vulnerability

Bug remained undetected for seven years and enabled complete control of host system.

NetworkComputing logo in a gray background | NetworkComputing

One of the fundamental assumptions in virtualized computing environments is that code running in one virtual machine cannot escape its confines and directly access the host operating system and thereby other VMs running on the same physical server. Any vulnerability that enables a VM escape is considered a pretty big deal.

So news this week that a bug of precisely this nature had remained undetected for seven years in the popular Xen hypervisor is sure to prompt questions about the open source project’s security practices.

In an advisory issued yesterday, the Xen Project described the now patched vulnerability as one that could allow the administrator of a guest VM to escalate privileges and take complete control of the host system. The vulnerability gives attackers a way to bypass a mechanism in the Xen hypervisor that is designed to prevent guest VMs from making certain changes to table entries.

“The code to validate level 2 page table entries is bypassed when certain conditions are satisfied,” the Xen advisory noted. “This means that a  [guest VM] can create writeable mappings using super page mappings,” the alert said referring to a virtual memory management capability.

The issue is somewhat mitigated in situations where the host system, rather than a guest administrator, controls the guest VM, the alert noted. However, even here, it is possible for an untrusted guest administrator to trigger the flaw unless other measures are taken to prevent the guest VM from loading code into the kernel, the Xen security advisory warned.

Read the rest of the article on Dark Reading.

About the Author

Jai Vijayan, Contributing Writer, Dark Reading

Freelance writerJai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year career at Computerworld, Jai also covered a variety of other technology topics including Big Data, Hadoop, Internet of Things, E-voting and data analytics. Prior to Computerworld, Jai covered technology issues for The Economic Times in Bangalore, India. Jai has a Master's degree in Statistics and lives in Naperville, IL.

SUBSCRIBE TO OUR NEWSLETTER
Stay informed! Sign up to get expert advice and insight delivered direct to your inbox

You May Also Like


More Insights