Critical vulnerability in the Xen hypervisor
The critical elevation privilege vulnerability has been corrected in the hypervisor Xen. This gap allows to gain control over the host server. Seven years this problem is present in the Xen code base.
The developers of the Xen hypervisor released nine security patches, eliminating multiple vulnerabilities in the server software. One of the flaws could allow an attacker to gain control over the host server. We are talking about the vulnerability CVE-2015-7835 (XSA-148), by which the paravirtualization guest can manage memory OS of the host and other virtual machines. The problem was discovered by engineers Alibaba, which recently joined the development of Xen. (more…)