[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-users] Clarification on security advisory

To: xen-users@xxxxxxxxxxxxxxxxxxxx
From: who.are.you@xxxxxxxxx
Date: Fri, 12 Jan 2018 19:30:40 +0000
Delivery-date: Fri, 12 Jan 2018 19:27:24 +0000
List-id: Xen user discussion <xen-users.lists.xenproject.org>

> 
> IMPACT
> ======
> 
> Xen guests may be able to infer the contents of arbitrary host memory,
> including memory assigned to other guests.
> 

So an exploit utilised within one Dom-U can then go on to exploit another 
Dom-U. This is easy to read.


> 
> Additionally, in general, attacks within a guest (from guest user to
> guest kernel) will be the same as on real hardware.  Consult your
> operating system provider for more information.
> 

I really don't understand the meaning of this.
Does this mean that a Dom-U exploit can then go on to exploit the Dom-0 too?
A Dom-U exploit == a baremetal exploit?

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-users

Follow-Ups:
- Re: [Xen-users] Clarification on security advisory
  - From: George Dunlap

Prev by Date: Re: [Xen-users] Xen PV Guest won't boot latest kernel- OSError: [Errno 28] No space left on device
Next by Date: Re: [Xen-users] Clarification on security advisory
Previous by thread: [Xen-users] Xen PV Guest won't boot latest kernel- OSError: [Errno 28] No space left on device
Next by thread: Re: [Xen-users] Clarification on security advisory
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.