Xen reveals XSA-108 memory leak bug details
By Chris Duckett October 1, 2014, 11:14 PM PST //  @dobes

Email Alert
RSS
A memory reading issue in Xen 4.1 and above has been publicly disclosed, along with a patch.
Xen has unveiled the details of a security issue in its hypervisor that forced cloud providers Amazon and Rackspace into a full reboot of all users' affected machines over the past week.

The issue, CVE-2014-7188 / XSA-108, allowed hardware virtual machine guests to potentially read data from either other guest machines, or the hypervisor itself, Xen said in its advisory. The memory bug hit x86 systems with machines with ARM chips escaping the issue.

"The MSR [model-specific register] range specified for APIC use in the x2APIC access model spans 256 MSRs. Hypervisor code emulating read and write accesses to these MSRs erroneously covered 1,024 MSRs," Xen said.

"While the write emulation path is written such that accesses to the extra MSRs would not have any bad effect (they end up being no-ops), the read path would (attempt to) access memory beyond the single page set up for APIC emulation."

While the issue affects Xen 4.1 and over, a patch has been issued for xen-unstable, Xen 4.4, 4.3, and 4.2.

Over the past week, the issue has been cited as the cause for full reboots of Amazon's cloud service, as well as Rackspace, that occurred at short notice.
~~