Xen security advisories from October 2015 and Bromium vSentry

Author: No Comments Share:

Nine Xen hypervisor security advisories – XSA-145, XSA-146, XSA-147, XSA-148, XSA-149, XSA-150, XSA-151, XSA-152, XSA-153 were released on October 29. The good news is that none of them impact Bromium vSentry hypervisor. The most notable one is XSA-148:

XSA-148: x86: Uncontrolled creation of large page mappings by PV guests

This vulnerability allows a paravirtualized (PV) VM to access all memory on the system, including regions reserved for the hypervisor. This results in full compromise of the hypervisor. This is truly a critical vulnerability.

Bromium vSentry does not use PV VMs – instead, we use fully-virtualized (HVM) VMs. Therefore, this vulnerability does not impact vSentry.

Other XSAs are low severity denial of service problems. They do not affect vSentry, because our codebase has been trimmed and hardened. Some details (provided by Christian Limpach):

XSA-149: leak of main per-domain vcpu pointer array

vSentry does not use a separate dynamic allocation for the relevant data structures, therefore it is not vulnerable

XSA-150: x86: Long latency populate-on-demand operation is not preemptible

vSentry does not implement the relevant functionality, therefore it is not vulnerable

XSA-151: x86: leak of per-domain profiling-related vcpu pointer array

vSentry does not implement the relevant functionality, therefore it is not vulnerable

XSA-152: x86: some pmu and profiling hypercalls log without rate limiting

vSentry does not implement the relevant functionality, therefore it is not vulnerable

XSA-153: x86: populate-on-demand balloon size inaccuracy can crash guests

vSentry does not implement the relevant functionality, therefore it is not vulnerable

The remaining XSA-145, XSA-146 and XSA-147 are arm architecture specific, and therefore they do not impact vSentry.

Previous Article

Microsoft’s open heart surgery on Windows 10 for TH2

Next Article

Shifting Cyber Insurance Rates Creates New Dilemmas

You may also like