QEMU may be fro-Xen out after two new bugs emerge
Five guest-host escalation SNAFUs might be stretching the virtual friendship
The Xen project has revealed another two bugs in the QEMU hypervisor and is now wondering the extent to which it should support the buggy code.
The first of the flaws, CVE-2015-5165, means “A guest may be able to read sensitive host-level data relating to itself which resides in the QEMU process” and impacts “All Xen systems running x86 HVM guests without stubdomains which have been configured with an emulated RTL8139 driver mode”.
There's a workaround and the Xen team are asking you to use it, because they don't feel they have the time or resources to backport the QEMU team's patches.
The advisory for the flaw also offers the following contentious text:
“We will encourage the community to have a conversation, when this advisory is released, about the continuing security support status of qemu-xen-traditional in non-stub-dm configurations.”
We'll keep an eye on that for you!
CVE-2015-5166 comes about “When unplugging an emulated block device the device was not fully unplugged, meaning a second unplug attempt would attempt to unplug the device a second time using a previously freed pointer.”
As a result “An HVM guest which has access to an emulated IDE disk device may be able to exploit this vulnerability in order to take over the qemu process elevating its privilege to that of the qemu process.”
No workaround is available: you'll need to get the QEMU patches to sort it out.
With another two similar flaws now revealed, little wonder the Xen community is pondering its future relationship with QEMU. ®
- Black Hat
- Common Vulnerability Scoring System
- Cybersecurity and Infrastructure Security Agency
- Cybersecurity Information Sharing Act
- Data Breach
- Data Protection
- Data Theft
- Digital certificate
- Identity Theft
- Kenna Security
- Palo Alto Networks
- Trusted Platform Module
- Zero trust