Xen vulnerability disclosed (CVE-2014-7188)
Xen is one of the most widely deployed virtualization solutions. This round of embargoed advisories disclosed a total of five vulnerabilities, the last of which was published on the evening of October 1, 2014 (Beijing time). That one, CVE-2014-7188 (Xen Security Advisory XSA-108), was discovered by Jan Beulich, a SUSE Linux engineer.

Xen's design differs somewhat from KVM's. On x86 the hypervisor itself runs in ring 0, and a paravirtualized guest kernel is deprivileged (ring 1 on 32-bit x86, ring 3 on 64-bit): the guest's ordinary system calls are handled by the guest kernel, and only operations that need the hypervisor's privilege are issued as hypercalls into ring 0.

The code responsible for this vulnerability is the emulation of x2APIC (Advanced Programmable Interrupt Controller) MSRs (Model-Specific Registers) for HVM guests. The architecture defines a range of 256 MSRs for x2APIC, but the hypervisor's read and write handlers accepted a range of 1024 MSRs. Writes into the extra range are harmless, but a read is translated into an offset beyond the single per-vCPU APIC register page, so it returns hypervisor memory that follows that page. A malicious or buggy HVM guest could exploit this in two ways: 1. read far enough past the page to hit memory that is not mapped, crashing the physical host; 2. read whatever data happens to sit after the page, including data belonging to the hypervisor or to other guests on the same physical machine, causing an information leak. The Xen community has already fixed the issue; from the patch's point of view the fix simply narrows the accepted MSR range from 1024 to 256 entries. Only the x86 implementation is affected; the ARM platform is not.
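The range check described above, modelled as an added example (this is not Xen's code and not the patch itself). It keeps the real x2APIC details (MSR base 0x800, 16 bytes of MSR space per 32-bit register, 256 architected MSRs, 1024 accepted before the fix) but the struct layout, the marker bytes and the function names are constructed for the demonstration: the memory after the APIC page stands in for whatever hypervisor data would follow it in practice.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MSR_IA32_APICBASE_MSR 0x800u  /* first x2APIC MSR, architectural */
#define X2APIC_MSR_COUNT      0x100u  /* architected range: 256 MSRs */
#define BUGGY_MSR_COUNT       0x400u  /* what the pre-patch check accepted */
#define APIC_PAGE_SIZE        4096u

/* Constructed stand-in for hypervisor memory. The per-vCPU APIC register
 * page comes first, followed by memory a guest must never be able to read
 * (in the real hypervisor: whatever happens to follow the APIC page). */
struct vcpu_model {
    uint8_t apic_regs[APIC_PAGE_SIZE];
    uint8_t adjacent_memory[(BUGGY_MSR_COUNT * 16) - APIC_PAGE_SIZE]; /* 3 pages */
};

/* Shared register read. The x2APIC model maps each MSR to 16 bytes of
 * register space, so the offset is (msr - base) << 4. There is no bounds
 * check here: the caller's range check is the only guard, as in the
 * pre-patch design. The pointer arithmetic stays inside struct vcpu_model. */
static uint32_t apic_read_reg(const struct vcpu_model *v, uint32_t msr)
{
    uint32_t offset = (msr - MSR_IA32_APICBASE_MSR) << 4;
    uint32_t val;
    memcpy(&val, (const uint8_t *)v + offset, sizeof val);
    return val;
}

/* Range check as it stood before the fix: accepts 1024 MSRs, so the offset
 * can reach 0x3ff0, three pages past the single APIC page.
 * Returns 0 on success (value in *out), -1 where the guest would get #GP. */
int msr_read_vulnerable(const struct vcpu_model *v, uint32_t msr, uint64_t *out)
{
    if (msr >= MSR_IA32_APICBASE_MSR && msr < MSR_IA32_APICBASE_MSR + BUGGY_MSR_COUNT) {
        *out = apic_read_reg(v, msr);
        return 0;
    }
    return -1;
}

/* Range check as patched: 256 MSRs, so every offset stays below
 * APIC_PAGE_SIZE and the read can never leave the APIC page. */
int msr_read_fixed(const struct vcpu_model *v, uint32_t msr, uint64_t *out)
{
    if (msr >= MSR_IA32_APICBASE_MSR && msr < MSR_IA32_APICBASE_MSR + X2APIC_MSR_COUNT) {
        *out = apic_read_reg(v, msr);
        return 0;
    }
    return -1;
}

/* Demonstration: fill the memory after the APIC page with a marker standing
 * in for another guest's data, then read MSR 0x900 (the first index past the
 * architected range) through both checks. Returns 1 when the vulnerable
 * check hands the marker to the guest and the fixed check refuses. */
int demo_leak(void)
{
    static struct vcpu_model v;
    uint64_t leaked = 0, refused = 0;
    int rc_vuln, rc_fixed;

    memset(v.apic_regs, 0, sizeof v.apic_regs);
    memset(v.adjacent_memory, 0x41, sizeof v.adjacent_memory); /* constructed marker */

    rc_vuln  = msr_read_vulnerable(&v, MSR_IA32_APICBASE_MSR + X2APIC_MSR_COUNT, &leaked);
    rc_fixed = msr_read_fixed(&v, MSR_IA32_APICBASE_MSR + X2APIC_MSR_COUNT, &refused);

    return rc_vuln == 0 && leaked == 0x41414141u && rc_fixed == -1;
}

int main(void)
{
    printf("vulnerable check leaks adjacent memory, fixed check refuses: %s\n",
           demo_leak() ? "yes" : "no");
    return 0;
}
```

The point the model makes is that the register read itself never checks the offset; the range test on the MSR index is the whole defence, so widening it from 0x100 to 0x400 entries silently turns a 4 KiB register window into a 16 KiB read primitive over whatever follows the APIC page.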
Exploiting Xen is usually very difficult. Interested readers can look at the analysis of the well-known CVE-2012-0217 SYSRET virtual machine escape vulnerability [NOTE 1]. At present the cost of an escape ranks Xen > KVM > Docker.
[NOTE 1] Advanced Exploitation of Xen Hypervisor Sysret VM Escape Vulnerability see