Xen Vulnerability Allows Hackers To Escape OS VM And Own the Host (Amazon AWS, Rackspace, IBM affected)

A freshly uncovered bug in the Xen virtualization hypervisor could potentially allow guests to escalate their privileges until they have full control of the hosts they’re running on.

The Xen hypervisor is used by cloud giants Amazon Web Services, IBM and Rackspace.

Inadequate security checks of how virtual machines access memory means a malicious, para-virtualised guest administrator can raise their system privileges to that of the host on un-patched installations, Xen said.

http://www.itnews.com.au/news/xen-patches-critical-guest-privilege-escalation-bug-431869

http://blog.quarkslab.com/xen-exploitation-part-2-xsa-148-from-guest-to-host.html

https://tech.slashdot.org/story/16/07/30/1552244/xen-vulnerability-allows-hackers-to-escape-qubes-os-vm-and-own-the-host