This article is more than 1 year old

New Xen bug uses security feature to destroy security

Dis-ARM-ing flaw can cook your console

Xen has revealed details of bug CVE-2015-6654, which it warned about a couple of weeks back.

The good news is that this one is rather less nasty than the string of guest/host escapes it's reported lately thanks largely to leaks in QEMU. Another nice piece of news is that this time around the problem's also only on ARM-compatible silicon, so even fewer folk will need to reach for their patch-o-matics.

The bad news is that it's still a flaw and one that can create a denial of service attack on a Xen system.

“A malicious infrastructure domain, which is allowed to map memory of a foreign guest, would be able to flood the Xen console,” says the advice from the Xen Project about the bug.

“As a result, in a system designed to enhance security by radically disaggregating the management, the security may be reduced. But, the security will be no worse than a non-disaggregated design.”

Another little ray of sunshine comes from the fact that one mitigation is simply to reduce the hypervisor log level so that it sends fewer messages. With less logging, the chances of a DoS fall.

Here comes a little grey cloud: “Switching from disaggregated to a non-disaggregated operation does NOT mitigate these vulnerabilities. Rather, it simply recategorises the vulnerability to hostile management code, regarding it 'as designed'; thus it merely reclassifies these issues as 'not a bug'.”

“Users and vendors of disaggregated systems should not change their configuration.”

Patching is therefore recommended. Go look for xsa141.patch. And enjoy your upgrade. ®

More about

TIP US OFF

Send us news


Other stories you might like