Xen Security Vulnerability XSA-108

Our data center recently informed us about the Xen security vulnerability XSA-108. According to Xen, this vulnerability has a major impact on Xen hypervisors. More detailed information follows:

Technical Description of the Vulnerability

The MSR range specified for APIC use in the x2APIC access model spans 256 MSRs. Hypervisor code emulating read and write accesses to these MSRs erroneously covered 1024 MSRs. While the write emulation path is written such that accesses to the extra MSRs would not have any bad effect (they end up being no-ops), the read path would (attempt to) access memory beyond the single page set up for APIC emulation.
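The range arithmetic behind this description, as an added example (a simplified model, not Xen's code). It assumes the architectural x2APIC layout, which the text above does not spell out: the MSR range starts at 0x800 and MSR n maps to the APIC register at byte offset n * 16; the 32-bit read width and all function names are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define X2APIC_MSR_BASE 0x800u /* architectural start of the x2APIC MSR range (assumption) */
#define APIC_PAGE_SIZE  4096u  /* the single page set up for APIC emulation */
#define MSRS_SPEC       256u   /* range size per the specification */
#define MSRS_BUGGY      1024u  /* range size the emulation erroneously covered */

/* Byte offset of the APIC register behind an x2APIC MSR (16-byte spacing). */
static size_t apic_offset(uint32_t msr)
{
    return (size_t)(msr - X2APIC_MSR_BASE) << 4;
}

/* Model of the range test that decides whether the APIC read path handles msr. */
static bool msr_in_range(uint32_t msr, uint32_t count)
{
    return msr >= X2APIC_MSR_BASE && msr - X2APIC_MSR_BASE < count;
}

/* True when a 32-bit register read accepted under count falls outside the page. */
static bool read_leaves_page(uint32_t msr, uint32_t count)
{
    if (!msr_in_range(msr, count))
        return false; /* rejected before any memory access */
    return apic_offset(msr) + sizeof(uint32_t) > APIC_PAGE_SIZE;
}

/* Number of accepted MSRs whose read would land beyond the APIC page. */
static unsigned count_out_of_page(uint32_t count)
{
    unsigned n = 0;
    for (uint32_t msr = X2APIC_MSR_BASE; msr < X2APIC_MSR_BASE + 2048u; msr++)
        n += read_leaves_page(msr, count);
    return n;
}

/* Bytes of memory spanned by the accepted MSR range. */
static size_t reachable_span(uint32_t count)
{
    return apic_offset(X2APIC_MSR_BASE + count - 1) + 16;
}

int main(void)
{
    printf("256 MSRs:  span %zu bytes, %u reads leave the page\n",
           reachable_span(MSRS_SPEC), count_out_of_page(MSRS_SPEC));
    printf("1024 MSRs: span %zu bytes, %u reads leave the page\n",
           reachable_span(MSRS_BUGGY), count_out_of_page(MSRS_BUGGY));
    return 0;
}
```

With the specified 256 MSRs the accepted range covers exactly one 4096-byte page; with 1024 it covers four pages' worth of offsets, so three quarters of the accepted MSRs resolve to memory past the APIC page.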

Impact

A buggy or malicious HVM guest can crash the entire Xen hypervisor/host, or it can read data relating to other guests or the hypervisor itself.

Vulnerable systems

Xen hypervisors running Xen 4.1 and onwards are vulnerable and must be patched.

Only x86 systems are vulnerable. ARM systems are not vulnerable.

Mitigation

Only HVM guest machines are vulnerable. Hence, Xen hypervisors running only PV guests are safe and can ignore this vulnerability.

Resolution

Applying the patch attached at the following URL will resolve this issue:

http://xenbits.xen.org/xsa/advisory-108.html

Impact on AccuWebHosting servers

To mitigate this vulnerability, we have already applied the security patch to all our Xen hypervisors. All AccuWebHosting hypervisors are safe.

Please refer to the following URLs for more information:

http://xenbits.xen.org/xsa/advisory-108.html
http://xenbits.xen.org/xsa/

Thanks,
