Wow, Joanna of ITL says “IMHO this is the worst bug affecting Xen, ever.”
Excerpt from Qubes Security Bulletin #22:
Critical Xen bug in PV memory virtualization code (XSA 148)
The Xen Security Team has announced a critical security bug (XSA 148) in the hypervisor code handling memory virtualization for the PV VMs :
| The code to validate level 2 page table entries is bypassed when
| certain conditions are satisfied. This means that a PV guest can
| create writeable mappings using super page mappings.
| Such writeable mappings can violate Xen intended invariants for pages
| which Xen is supposed to keep read-only.
The above is a political way of stating the bug is a very critical one. Probably the worst we have seen affecting the Xen hypervisor, ever. Sadly.