Uncategorized

Pandavirtualization: Exploiting the Xen hypervisor

Pandavirtualization: Exploiting the Xen hypervisor
Posted by Jann Horn, Project Zero

On 2017-03-14, I reported a bug to Xen’s security team that permits an attacker with control over the kernel of a paravirtualized x86-64 Xen guest to break out of the hypervisor and gain full control over the machine’s physical memory. The Xen Project publicly released an advisory and a patch for this issue 2017-04-04. To demonstrate the impact of the issue, I created an exploit that, when executed in one 64-bit PV guest with root privileges, will execute a shell command as root in all other 64-bit PV guests (including dom0) on the same physical machine.[…]

https://xenbits.xen.org/xsa/advisory-212.html

https://bugs.chromium.org/p/project-zero/issues/detail?id=1184

https://googleprojectzero.blogspot.com/2017/04/pandavirtualization-exploiting-xen.html

 

 

Standard

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s