Security Alerts & News
by Tymoteusz A. Góral

History
#1230 Xen patches critical guest privilege escalation bug
A freshly uncovered bug in the Xen virtualisation hypervisor could potentially allow guests to escalate their privileges until they have full control of the hosts they're running on.

The Xen hypervisor is used by cloud giants Amazon Web Services, IBM and Rackspace.

Inadequate security checks of how virtual machines access memory mean a malicious, paravirtualised guest administrator can raise their system privileges to that of the host on unpatched installations, Xen said.

"The paravirtualisation pagetable code has fast-paths for making updates to pre-existing pagetable entries, to skip expensive re-validation in safe cases (eg. clearing only Access/Dirty bits)," Xen's security team said in its advisory for XSA 182.
#1234 Cyberattack claims multiple airports in Vietnam
#1233 Hacking Imgur for fun and profit
#1232 Android Stagefright bug required 115 patches, millions still at risk
#1231 Cisco 2016 Midyear Cybersecurity Report (PDF)