On September 23, Xen, the virtualization technology for the Linux kernel, was hit with a hat trick of 3 security vulnerabilities. The Xen vulnerabilities can be used to break out of the virtual host environment (exceeding one's authority), read other users' data, or control the hypervisor itself (the host). A remote attacker could exploit a vulnerability to crash the host system and deny service to legitimate users. The scope of impact is not small: Amazon AWS, for example, restarted servers on a large scale, and the entire repair cycle lasted 5 days (from 7 p.m. on September 25 to 5 p.m. on September 30). The affected products include EC2, RDS, ElastiCache and Redshift. Many people may not know much about Xen or about how the Xen vulnerabilities affected other cloud service vendors, so this article compares AWS, Rackspace and SoftLayer under the Xen bug hat trick.
What is Xen?
Xen Technology Architecture Diagram
"Xen is an open source virtual machine monitor, developed by Cambridge University," explains Wikipedia. "It intends to run up to 128 fully functional operating systems on a single computer." In fact, Xen is open-source software similar to the enterprise product ESX.
Xen's vulnerability hat trick
What are the three vulnerabilities, and how dangerous are they? We excerpt a passage from an article written by the kernel team of the cloud service provider UCloud to give a clear picture of the Xen vulnerabilities.
1. CVE-2014-7154 does the most harm and has the widest impact. It originates in dom0. Dom0 is important in the Xen architecture: it contains a set of tools for driving and controlling the virtual machines. The vulnerability therefore affects every virtual machine on the physical machine. A vulnerability like this is the most frightening kind: its scope is sweeping, the fix requires a restart, and it may even interrupt business. From a technical point of view, it is mainly a race condition in HVMOP_track_dirty_vram, the function that controls the dirty video memory tracking settings.
2. CVE-2014-7155. A guest can use this vulnerability to load its own IDT or GDT, which can crash the virtual machine or yield root privileges. Note that this is not a virtual machine escape, but root privileges inside the virtual machine. The harm is still not small, because it hands hackers one more privilege-escalation tool. The problem is that the x86 emulation of the HLT, LGDT, LIDT and LMSW instructions performs no privilege check; these instructions are used to load the global descriptor table, the interrupt descriptor table, or local descriptor tables.
3. CVE-2014-7156 does the least harm. Exploiting this vulnerability could crash a virtual machine, although downtime is not trivial either. Technically, the x86 emulation of software interrupts performs no privilege check, so malicious HVM guest code can crash the guest.
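The missing privilege check described in item 2, as a simplified C model added here for illustration (it is not Xen's code and not from the original article). The `vcpu` structure, the `emulate_*` functions and all values are hypothetical; the model covers only the privilege-level test, contrasting an emulator that skips it with one that raises a fault.

```c
#include <stdio.h>

/* Simplified model of instruction emulation; NOT Xen's code. All names are hypothetical. */
enum op { OP_HLT, OP_LGDT, OP_LIDT, OP_LMSW, OP_NOP };
enum result { EMU_OKAY, EMU_GP_FAULT };

struct vcpu {
    int cpl;                          /* privilege level: 0 = guest kernel, 3 = guest user */
    unsigned long gdt_base, idt_base; /* descriptor-table state owned by the guest kernel */
    unsigned int msw;
    int halted;
};

static void apply(struct vcpu *v, enum op op, unsigned long operand)
{
    switch (op) {
    case OP_HLT:  v->halted = 1; break;
    case OP_LGDT: v->gdt_base = operand; break;
    case OP_LIDT: v->idt_base = operand; break;
    case OP_LMSW: v->msw = (unsigned int)(operand & 0xffffUL); break;
    default: break;
    }
}

/* Flawed form: emulates the instruction without looking at the guest's CPL. */
enum result emulate_unchecked(struct vcpu *v, enum op op, unsigned long operand)
{
    apply(v, op, operand);
    return EMU_OKAY;
}

/* Hardened form: a privileged instruction issued above ring 0 faults, state is untouched. */
enum result emulate_checked(struct vcpu *v, enum op op, unsigned long operand)
{
    if (op != OP_NOP && v->cpl != 0) /* all four modeled instructions are privileged */
        return EMU_GP_FAULT;
    apply(v, op, operand);
    return EMU_OKAY;
}

int main(void)
{
    struct vcpu u = { .cpl = 3, .gdt_base = 0x1000, .idt_base = 0x2000 }; /* constructed */
    printf("checked:   %d\n", (int)emulate_checked(&u, OP_LIDT, 0xbad000));
    printf("idt after: %#lx\n", u.idt_base);
    printf("unchecked: %d\n", (int)emulate_unchecked(&u, OP_LIDT, 0xbad000));
    printf("idt after: %#lx\n", u.idt_base);
    return 0;
}
```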
Comparison of 3 well-known cloud vendors under the hat trick
The Xen vulnerabilities were taken very seriously by IaaS service providers such as AWS, Rackspace and IBM SoftLayer. RightScale, a SaaS cloud service provider, has released a report on the downtime users of the major vendors experienced because of the Xen vulnerabilities, based on a total of 450 samples. The details of the survey are as follows:
AWS: 5% of AWS users had more than 1 hour of downtime, 51% of users had no downtime, and the rest had only very short restarts or downtime, as in the past. (Note: sample size is 349)
Rackspace: 13% of Rackspace users had more than 1 hour of downtime. (Note: sample size is 66)
SoftLayer: 17% of SoftLayer users had more than 1 hour of downtime. (Note: sample size is 42)
The report also shows that a total of 74 users deploy Xen internally. Although 41% of the users complained that patching was a huge workload, 81% of users said the server restart process went very smoothly.
It goes without saying that the negative impact of service restarts on cloud computing cannot be erased. 10% of respondents said they may no longer continue to use AWS services; the figures for Rackspace and SoftLayer are 20% and 29% respectively. Most of these respondents are those who had more than 1 hour of downtime.
In closing
In this era and this industry, a service outage of 1 hour can be disastrous for an enterprise. All the service vendors responded quickly, paid enough attention to security and did not leave things to chance. Even as we give them credit, we cannot help but ask: can a vulnerability be repaired without a restart? As companies increasingly rely on cloud computing providers such as AWS, Microsoft Azure, Google, SoftLayer, HP, Oracle and Rackspace, should there be some standard way to deal with these problems?
Official homepage: http://www.cl.cam.ac.uk/research/srg/netos/xen/
(Editor: Zhonghao)