Xen Hypervisor Vulnerability Exposed Virtualized Servers

A serious security vulnerability (CVE-2014-7188) affecting the open-source hypervisor Xen has forced Amazon, Rackspace and other cloud providers to reboot their systems in order to apply a patch.

The vulnerability, discovered by Jan Beulich of SUSE, affects Xen 4.1 and onward. However, only x86 systems are impacted (ARM systems are not), the Xen Project noted in a security advisory published on Wednesday.

The flaw can be leveraged by a malicious actor who owns a virtualized server to read data from other systems on the host server. An attacker could also exploit the vulnerability to cause the host to crash.

“The MSR range specified for APIC use in the x2APIC access model spans 256 MSRs. Hypervisor code emulating read and write accesses to these MSRs erroneously covered 1024 MSRs. While the write emulation path is written such that accesses to the extra MSRs would not have any bad effect (they end up being no-ops), the read path would (attempt to) access memory beyond the single page set up for APIC emulation,” reads the advisory.
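
The arithmetic behind the advisory's description, as an added example that is not Xen's code and not part of the original article. It assumes the architectural x2APIC layout (MSRs start at 0x800, each mapping to a 16-byte register slot) and uses hypothetical function names; it counts how many accepted MSRs fall outside the single 4 KiB APIC page under each range, and shows a read handler that bounds-checks before touching the page.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define X2APIC_MSR_BASE  0x800u  /* first x2APIC MSR (architectural, assumed here) */
#define X2APIC_MSR_COUNT 256u    /* range specified for APIC use, per the advisory */
#define EMULATED_COUNT   1024u   /* range the faulty emulation covered, per the advisory */
#define APIC_PAGE_SIZE   4096u   /* the single page backing APIC emulation */

/* Each x2APIC MSR maps to a 16-byte register slot inside the APIC page. */
static uint32_t msr_to_offset(uint32_t msr)
{
    return (msr - X2APIC_MSR_BASE) << 4;
}

/* How many MSRs of an accepted range would read past the end of the page. */
uint32_t count_out_of_page(uint32_t accepted)
{
    uint32_t n = 0;
    for (uint32_t i = 0; i < accepted; i++)
        if (msr_to_offset(X2APIC_MSR_BASE + i) + sizeof(uint32_t) > APIC_PAGE_SIZE)
            n++;
    return n;
}

/* Hypothetical hardened read handler: 0 on success, -1 if the MSR is rejected. */
int apic_msr_read(const uint8_t *page, uint32_t msr, uint32_t *val)
{
    if (msr < X2APIC_MSR_BASE || msr - X2APIC_MSR_BASE >= X2APIC_MSR_COUNT)
        return -1;                      /* outside the 256-MSR window */
    uint32_t off = msr_to_offset(msr);
    if (off > APIC_PAGE_SIZE - sizeof(*val))
        return -1;                      /* defence in depth: never leave the page */
    memcpy(val, page + off, sizeof(*val));
    return 0;
}

int main(void)
{
    static uint8_t page[APIC_PAGE_SIZE]; /* constructed, zero-filled sample page */
    uint32_t v = 0;

    printf("256-MSR window:  %u reads leave the page\n",
           (unsigned)count_out_of_page(X2APIC_MSR_COUNT));
    printf("1024-MSR window: %u reads leave the page\n",
           (unsigned)count_out_of_page(EMULATED_COUNT));
    printf("read 0x802 -> %d, read 0x900 -> %d\n",
           apic_msr_read(page, 0x802, &v), apic_msr_read(page, 0x900, &v));
    return 0;
}
```

The 256-MSR window fills the page exactly (256 × 16 bytes = 4096), which is why every index accepted beyond it lands in adjacent memory.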

Hosting firm Rackspace rebooted its cloud systems over the weekend to apply the patch made available by the Xen Project. Rackspace notified its customers of the reboot, but didn’t mention anything about the Xen vulnerability to “avoid alerting cybercriminals.” There is no evidence that any data has been compromised due to the vulnerability, the company said.

Rackspace apologized to its customers for not warning them sooner about the reboot.

“This maintenance affected nearly a quarter of our 200,000-plus customers, and in the course of it, we dropped a few balls. Some of our reboots, for example, took much longer than they should. And some of our notifications were not as clear as they should have been. We are making changes to address those mistakes,” Taylor Rhodes, CEO and president of Rackspace, said in a blog post.

Amazon, which had to reboot roughly 10 percent of its EC2 fleet, told its customers that the maintenance update was related to a Xen security announcement. However, it didn’t provide any details until after the patch was applied.

“Because our customers’ security is our top priority and because the issue was potentially harmful to our customers, we needed to take fast action to protect them. For the reasons mentioned above, we couldn’t be as expansive as we’d have liked on why we had to take such fast action,” Amazon Web Services Chief Evangelist Jeff Barr explained.

Hypervisor vulnerabilities are relatively rare, but as Bromium researcher Rafal Wojtczuk demonstrated at the recent Black Hat security conference, there are several weak spots that can be leveraged in attacks against hypervisors.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
