A freshly uncovered bug in the Xen virtualisation hypervisor could potentially allow guests to escalate their privileges until they have full control of the hosts they're running on.
The Xen hypervisor is used by cloud giants Amazon Web Services, IBM and Rackspace.
Inadequate security checks on how virtual machines access memory mean that a malicious paravirtualised guest administrator can raise their system privileges to those of the host on unpatched installations, Xen said.
"The paravirtualisation pagetable code has fast-paths for making updates to pre-existing pagetable entries, to skip expensive re-validation in safe cases (eg. clearing only Access/Dirty bits)," Xen's security team said in its advisory for XSA 182.