Xen’s highly critical virtual machine escape flaw gets a fix
The Xen Project fixed several vulnerabilities in its popular virtualization software, including one that could allow potential attackers to break out of a virtual machine and gain control over the host system.
Vulnerabilities that break the isolation layer between virtual machines are the most serious type for a hypervisor like Xen, whose main goal is to allow running multiple VMs on the same hardware in a secure manner.
The Xen patches released Thursday fix a total of nine vulnerabilities, but the privilege escalation one identified as CVE-2015-7835 is the most serious one.
It stems not from a traditional programming error, but from a logic flaw in how Xen implements memory virtualization for PV (paravirtualized) VMs. PV is a technique that enables virtualization on CPUs that don’t support hardware-assisted virtualization.