
How to make Xen, Qubes cry

Security researchers Jérémie Boutoille and Gabriel Campana have detailed how to exploit a serious guest escape bug in the Xen hypervisor that was patched at the end of last month.

The Quarkslab pair demonstrated how the programming flaw (XSA-182, CVE-2016-6258) can be used to bust out of a Qubes OS virtual machine and take over the whole box. Essentially, it involves marking virtual memory pages as present when they shouldn't be and from there accessing the host's physical memory at will. At that point, you can screw with the hypervisor to escape from guest to host and obtain a root shell.

It doesn't just affect Qubes – in theory any paravirtualized VM running on vulnerable Xen versions can be escaped – so we hope you've patched by now. ®
