From Ring3 to Ring0 - Xen emulator flaws

Bitdefender researcher Andrei Lutas published [download id=”3808″], a whitepaper detailing the exploitation of two distinct vulnerabilities which he discovered in the Xen x86 instruction emulator, also affecting other platforms based on Xen such as XenServer, XenClient, XenClient XT, Amazon and, perhaps (although this has not been tested) Oracle VM and others.
These vulnerabilities are exploitable and could lead to either denial of service at VM level or privilege escalation (from the VM userland to the kernel of the VM system), with the possibility of bypassing Intel Supervisory Mode Execution Prevention.
The vulnerabilities are listed as Xen Security Advisories XSA-105 and XSA-106. Bitdefender researchers strongly recommend applying the relevant patches.
“I would like to take this opportunity to commend the Xen team, who have acted very fast to patch the flaws” commented Bitdefender security researcher Andrei Lutas.
tags
Author
Right now
Top posts
BackdoorDiplomacy Wields New Tools in Fresh Middle East Campaign
December 06, 2022
Side-Loading OneDrive for profit – Cryptojacking campaign detected in the wild
October 05, 2022
A Red Team Perspective on the Device42 Asset Management Appliance
August 10, 2022
Vulnerabilities Identified in Wyze Cam IoT Device
March 29, 2022
New FluBot and TeaBot Global Malware Campaigns Discovered
January 26, 2022
Bitdefender Honeypots Signal Active Log4Shell 0-Day Attacks Underway; Patch Immediately
December 10, 2021