From Ring3 to Ring0 - Xen emulator flaws

Bitdefender researcher Andrei Lutas published [download id=”3808″], a whitepaper detailing the exploitation of two distinct vulnerabilities which he discovered in the Xen x86 instruction emulator, also affecting other platforms based on Xen such as XenServer, XenClient, XenClient XT, Amazon and, perhaps (although this has not been tested) Oracle VM and others.

These vulnerabilities are exploitable and could lead to either denial of service at VM level or privilege escalation (from the VM userland to the kernel of the VM system), with the possibility of bypassing Intel Supervisory Mode Execution Prevention.

The vulnerabilities are listed as Xen Security Advisories XSA-105 and XSA-106. Bitdefender researchers strongly recommend applying the relevant patches.

“I would like to take this opportunity to commend the Xen team, who have acted very fast to patch the flaws” commented Bitdefender security researcher Andrei Lutas.