Hypervisor headaches: Hosts hosed by x86 exception bugs
Microsoft, Xen, KVM et al need patches
Various hypervisors and operating systems are scrambling to patch around an x86 bug that lets an admin-level guest crash the underlying CPU, causing a denial-of-service to anyone else on the same machine.
The issue, described here, is that with some x86 CPUs, an attacker with kernel-mode code execution privileges on a guest operating system can hang the CPU.
The two CVEs Redmond cites are described by Xen (which has been updated to address the same issues) here. There's an alignment check exception (CVE-2015-5307) that can trigger an infinite loop in some x86 CPUs, and a debug exception (CVE-2015-8104) that can result in an infinite loop or a stack fault, depending on how it's triggered.
Patches have been issued for various 2008 and 2012 versions of Windows Server, and Windows 8.0, 8.1 and 10.
Redmond's not the only vendor to cover this one off. As well as the Xen note, there are advisories from:
Users of KVM or Xen on other Linux variants should keep an eye out for their exposure and patch information. ®