CVE-2018-8897 Opens Xen PV Systems Up To Exploit
Written by Michael Larabel in Virtualization on 9 May 2018 at 05:15 AM EDT. 1 Comment
VIRTUALIZATION --
Besides kernels being addressed for the newly-disclosed CVE-2018-8897 vulnerability, users of Xen para-virtualization should also run a patched Xen system right away.

This security vulnerability can allow a malicious Xen PV guest with unprivileged rights to escalate their privilege to that of the hypervisor. Fortunately, only Xen PV on x86 is affected and not Xen HVM or PVH guests. Additionally, only x86-based AMD/Intel systems are affected.

The privilege escalation is a bit more eventful than the vulnerable kernels being just subject to denial of service / crashing. More details on the Xen impact and the available patches via XSA-260.
About The Author
Author picture

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 10,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter or contacted via MichaelLarabel.com.

Related Virtualization News
Popular News This Week