1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Xen patches new virtual-machine escape vulnerability

Discussion in 'CSO' started by RSS, Jul 28, 2015.

  1. RSS

    RSS New Member Member

    A new vulnerability in emulation code used by the Xen virtualization software can allow attackers to bypass the critical security barrier between virtual machines and the host operating systems they run on.

    The vulnerability is located in the CD-ROM drive emulation feature of QEMU, an open source hardware emulator that's used by Xen, KVM and other virtualization platforms. The flaw is tracked as CVE-2015-5154 in the Common Vulnerabilities and Exposures database.

    The Xen Project released patches for its supported releases Monday and noted that all Xen systems running x86 HVM guests without stubdomains and which have been configured with an emulated CD-ROM drive model are vulnerable.

    To read this article in full or to leave a comment, please click here

    Continue reading...

Share This Page