Re: [Xen-users] Clarification on security advisory
On Fri, Jan 12, 2018 at 7:30 PM, <who.are.you@xxxxxxxxx> wrote:
>
>>
>> IMPACT
>> ======
>>
>> Xen guests may be able to infer the contents of arbitrary host memory,
>> including memory assigned to other guests.
>>
>
> So an exploit utilised within one Dom-U can then go on to exploit another
> Dom-U. This is easy to read.
>
>
>>
>> Additionally, in general, attacks within a guest (from guest user to
>> guest kernel) will be the same as on real hardware. Consult your
>> operating system provider for more information.
>>
>
> I really don't understand the meaning of this.
> Does this mean that a Dom-U exploit can then go on to exploit the Dom-0 too?
> A Dom-U exploit == a baremetal exploit?

No.

If you're running Linux in an HVM guest, and your Linux kernel doesn't
have the KPTI patches, then a userspace process ("guest user") can use
Meltdown to attack the kernel ("guest kernel").

In other words, to protect your systems from Meltdown, you need to do
two things:

1. Move your PV Linux guests to HVM or PVH
2. Install the Linux KPTI patches / Windows Meltdown hotfixes.

 -George

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-users
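The two steps in the reply above can be checked from inside a Linux guest. The following is an added example, not part of the original message or of the Xen project's tooling: it assumes a guest kernel recent enough to expose `/sys/hypervisor/guest_type` and `/sys/devices/system/cpu/vulnerabilities/meltdown` (neither path is mentioned in the thread), and the function name `meltdown_check` and its optional root-directory argument are hypothetical.

```shell
#!/bin/sh
# Added example: report on both steps from the reply (guest type, KPTI).
# meltdown_check [ROOT]  ROOT is a hypothetical prefix used for offline testing;
# with no argument the live /sys of the guest is read.
meltdown_check() {
    root="${1:-}"
    gt_file="$root/sys/hypervisor/guest_type"
    md_file="$root/sys/devices/system/cpu/vulnerabilities/meltdown"

    guest_type="unknown"
    if [ -r "$gt_file" ]; then guest_type=$(cat "$gt_file"); fi
    meltdown="unreported"
    if [ -r "$md_file" ]; then meltdown=$(cat "$md_file"); fi

    # Step 1: PV guests must be moved to HVM or PVH.
    case "$guest_type" in
        PV)      step1="FAIL: PV guest, move to HVM or PVH" ;;
        HVM|PVH) step1="OK: $guest_type guest" ;;
        *)       step1="UNKNOWN: guest type not reported" ;;
    esac

    # Step 2: the guest kernel must have page-table isolation (KPTI) active.
    case "$meltdown" in
        "Mitigation: PTI"*|"Not affected"*) step2="OK: $meltdown" ;;
        Vulnerable*) step2="FAIL: kernel reports Vulnerable, install KPTI patches" ;;
        unreported)  step2="UNKNOWN: kernel does not expose the meltdown status file" ;;
        *)           step2="REVIEW: $meltdown" ;;
    esac

    echo "step1 $step1"
    echo "step2 $step2"
    case "$step1" in OK*) ;; *) return 1 ;; esac
    case "$step2" in OK*) ;; *) return 1 ;; esac
    return 0
}

# Constructed sample tree standing in for a PV guest (not output from a real host).
demo=$(mktemp -d)
mkdir -p "$demo/sys/hypervisor" "$demo/sys/devices/system/cpu/vulnerabilities"
echo PV > "$demo/sys/hypervisor/guest_type"
echo "Unknown (XEN PV detected, hypervisor mitigation required)" \
    > "$demo/sys/devices/system/cpu/vulnerabilities/meltdown"
meltdown_check "$demo" || echo "action needed"
rm -rf "$demo"
```

Inside a guest, call `meltdown_check` with no argument; a non-zero return means at least one of the two steps is not confirmed.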