From Ring3 to Ring0 – Xen emulator flaws

Bitdefender researcher Andrei Lutas published "Gaining kernel privileges using the Xen emulator", a whitepaper detailing the exploitation of two distinct vulnerabilities that he discovered in the Xen x86 instruction emulator. The flaws also affect other platforms based on Xen, such as XenServer, XenClient, XenClient XT, Amazon and, perhaps (although this has not been tested), Oracle VM and others.

These vulnerabilities are exploitable and could lead to either denial of service at the VM level or privilege escalation (from the VM userland to the kernel of the VM system), with the possibility of bypassing Intel Supervisor Mode Execution Prevention (SMEP).

The vulnerabilities are listed as Xen Security Advisories XSA-105 and XSA-106. Bitdefender researchers strongly recommend applying the relevant patches.

“I would like to take this opportunity to commend the Xen team, who have acted very fast to patch the flaws,” commented Bitdefender security researcher Andrei Lutas.

About the author



Razvan Stoica is a journalist turned teacher turned publicist and technology evangelist. When Bitdefender isn't paying him to bring complex subjects to wide audiences, he enjoys writing fiction, skiing and biking. Razvan Stoica started off writing for a science monthly and was the chief editor of a science fiction magazine for a short while before moving on to the University of Medicine in Bucharest where he lectured on the English language. Recruited by Bitdefender in 2004 to add zest to the company's online presence, he has fulfilled a bevy of roles within the company since. In his current position, he is primarily responsible for the communications and community-building efforts of the Bitdefender research and technology development arm.