SoylentNews is people
SoylentNews
Qubes is once again regretting how long it's taken to abandon Xen's PV hypervisor, disclosing another three bugs including host escape vulnerabilities.
The most serious bugs are in PV (paravirtualization) memory handling, XSA-213 and XSA-214.
"An attacker who exploits either of these bugs can break Qubes-provided isolation. This means that if an attacker has already exploited another vulnerability, e.g. in a Web browser or networking or USB stack, then the attacker would be able to compromise a whole Qubes system" Qubes says in this note.
The bug in XSA-213 only affects 64 bit x86 systems and relates to how root and user mode page tables are handled by 64-bit PV guests. The IRET hypercall, which stands in for identically-named CPU instructions, transfers control from user mode to kernel mode.
"If such an IRET hypercall is placed in the middle of a multicall batch, subsequent operations invoked by the same multicall batch may wrongly assume the guest to still be in kernel mode", Xen explains, with the result that the guest could get writable access to the wrong root page table.
This means a buggy or malicious PV guest "may be able to access all of system memory, allowing for all of privilege escalation, host crashes, and information leaks."
-- submitted from IRC
(Score: -1, Flamebait) by Anonymous Coward on Monday May 08 2017, @02:33AM (5 children)
Oh noes AWS uzes Xen. Whot it meanz forz mah EC2 instunces?>?!
(Score: 1, Insightful) by Anonymous Coward on Monday May 08 2017, @03:36AM
I would assume that for you it means a quiet evening in your easy chair with a cigar and a glass of whisky, while Amazon's staff apply the patches.
(Score: 2) by kaszz on Monday May 08 2017, @07:56AM (3 children)
Well for the AMZN share [advfn.com] it meant going from 2017-05-01 953.18 US$ .... 2017-05-05 932.93 US$ a downturn with -2.1%.
Amazon EC2 services uses Xen.. well TOUGH!
My guess is that will put the pedal to the metal to get a patch out as their livelihood now depends on it. Some progress should be seen by now because the issues were published no later than 2017-05-02. Ample of time for a developer to progress towards a solution.
As in any free market the choice is of course to choose another supplier. Preferably one without AMT or IPMI bug backdoors. Ie because it's not the customers server. They can also quickly ditch a defect provider.
(Score: 0) by Anonymous Coward on Monday May 08 2017, @03:51PM (2 children)
The solution isn't to expect AMT or IPMI to be free of backdoors - because even if you assume only one bug per 100 lines of code, that's still tens, or hundreds, or even thousands of bugs.
The solution is to ensure that they're run on seperate management VLANs with proper firewalling to ensure that other people can't get on them without 802.1x access.
(Score: 2) by kaszz on Monday May 08 2017, @06:14PM
The solution is partly to not run code on my machines that I didn't sanction. Ie the Intel Management engine can't really be deselected. There will always be at least one network card with world access and then there's a CPU with hidden spheres that can mess around without the owner being able to remove it thoroughly. The VLAN solution is kind of shaky.
(Score: 0) by Anonymous Coward on Tuesday May 09 2017, @12:33AM
x ≠ 1