One of the fundamental assumptions in virtualized computing environments is that code running in one virtual machine cannot escape its confines to access the host operating system directly and, through it, the other VMs running on the same physical server. Any vulnerability that enables a VM escape is therefore a serious matter.
So news this week that a bug of precisely this nature had remained undetected for seven years in the popular Xen hypervisor is sure to prompt questions about the open source project’s security practices.
In an advisory issued yesterday, the Xen Project described the now patched vulnerability as one that could allow the administrator of a guest VM to escalate privileges and take complete control of the host system. The vulnerability gives attackers a way to bypass a mechanism in the Xen hypervisor that is designed to prevent guest VMs from making certain changes to page-table entries.
“The code to validate level 2 page table entries is bypassed when certain conditions are satisfied,” the Xen advisory noted. “This means that a [guest VM] can create writeable mappings using super page mappings,” the alert said referring to a virtual memory management capability.
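To make the advisory's two sentences concrete, here is a constructed C model of what page-table-entry validation has to guarantee and what happens when a superpage entry skips it. This is an added illustration, not Xen's code: the frame-ownership table, the helper names (`frame_ok_for_guest`, `mod_l2_entry_vulnerable`, `mod_l2_entry_fixed`), the frame numbering, and the use of the PSE bit as the bypass condition are all assumptions standing in for the unspecified "certain conditions" in the advisory. The point it shows is that a level-2 entry with the superpage bit set covers 512 frames at once, so skipping per-frame checks for it lets a guest map memory it does not own, writable.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of PV guest page-table validation. Not Xen code. */
#define PAGE_RW   (1u << 1)          /* entry is writable */
#define PAGE_PSE  (1u << 7)          /* level-2 entry maps a 2 MiB superpage */
#define L2_SUPERPAGE_FRAMES 512u     /* 2 MiB / 4 KiB */

#define NR_FRAMES   4096u            /* assumed size of the toy machine */
#define OWNER_HOST  0
#define OWNER_GUEST 1

/* Who owns each machine frame, and which frames currently hold page tables
   (those must never be mapped writable by the guest). */
static uint8_t frame_owner[NR_FRAMES];
static bool    frame_is_pagetable[NR_FRAMES];

typedef struct { uint64_t mfn; uint32_t flags; } l2e_t;

/* Validate one 4 KiB frame the guest wants to map with the given flags. */
static bool frame_ok_for_guest(uint64_t mfn, uint32_t flags) {
    if (mfn >= NR_FRAMES) return false;
    if (frame_owner[mfn] != OWNER_GUEST) return false;
    if ((flags & PAGE_RW) && frame_is_pagetable[mfn]) return false;
    return true;
}

/* Vulnerable shape: a superpage entry is accepted without per-frame validation.
   (Modelled after the advisory's description, not the real code path.) */
bool mod_l2_entry_vulnerable(l2e_t e) {
    if (e.flags & PAGE_PSE)
        return true;                            /* validation bypassed */
    return frame_ok_for_guest(e.mfn, e.flags);
}

/* Hardened shape: every frame the entry covers is validated, superpage or not. */
bool mod_l2_entry_fixed(l2e_t e) {
    if (!(e.flags & PAGE_PSE))
        return frame_ok_for_guest(e.mfn, e.flags);
    if (e.mfn % L2_SUPERPAGE_FRAMES) return false;  /* superpage must be aligned */
    for (uint64_t i = 0; i < L2_SUPERPAGE_FRAMES; i++)
        if (!frame_ok_for_guest(e.mfn + i, e.flags)) return false;
    return true;
}

/* Constructed machine: the guest owns frames 1024..2047, the host owns the rest,
   and frame 1500 holds one of the guest's page tables. */
void setup_model(void) {
    for (uint64_t m = 0; m < NR_FRAMES; m++) {
        frame_owner[m] = (m >= 1024 && m < 2048) ? OWNER_GUEST : OWNER_HOST;
        frame_is_pagetable[m] = false;
    }
    frame_is_pagetable[1500] = true;
}

int main(void) {
    setup_model();
    /* Writable superpage over host frames 0..511: the escape-shaped request. */
    l2e_t attack = { .mfn = 0, .flags = PAGE_PSE | PAGE_RW };
    printf("vulnerable accepts writable host superpage: %d\n", mod_l2_entry_vulnerable(attack));
    printf("fixed accepts writable host superpage:      %d\n", mod_l2_entry_fixed(attack));
    return 0;
}
```

The hardened version costs a loop of 512 ownership lookups per superpage entry, which is the price of the invariant: a guest may only create writable mappings of frames it owns and that are not currently page tables. Any path that accepts an entry without walking the frames it covers reintroduces the bypass.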
The issue is somewhat mitigated where the host, rather than a guest administrator, controls the guest's kernel, the alert noted. Even then, an untrusted guest administrator can still trigger the flaw unless other measures are taken to prevent the guest VM from loading code into its kernel, the Xen security advisory warned.
Read the rest of the article on Dark Reading.