[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] PV privilege escalation - advisory

I'd also love to know if this instruction is available if VT is disabled.
Basically, I run ~25 PV Linux domUs none of which has an old kernel and 1 HVM.
(A FreeBSD box, with a user that I do not have to worry about)

A malicious user could probably remove the bugfix from his linux
kernel version and have a happy ride again, so this, well, sucks.

Flipping something in BIOS would make me a lot happier.

2012/6/14 Jonathan Tripathy <jonnyt@xxxxxxxxxxx>:

>>>  From a brief look this vulnerability does not impact the hypervisor..
>>> right ?
>> The bug is on the hypervisor as well:
>> https://bugzilla.redhat.com/show_bug.cgi?id=813428
> My understanding is that this is *only* a hypervisor issue, *not* a kernel
> issue. The only reason why an updated RHEL kernel-xen package fixes this, is
> because the kernel-xen package includes the Xen hypervisor. I've always
> thought the RHEL package name "kernel-xen" was misleading. They should have
> called it something like "xen-server" or something.
> Please someone correct me if I'm wrong

Don't know :>

the purpose of libvirt is to provide an abstraction layer hiding all
xen features added since 2006 until they were finally understood and
copied by the kvm devs.

Xen-users mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.