Xen lifts lid on virtual machine security bug
Flaw in hypervisor could have had serious cloud repercussions


The Xen Project has detailed the critical vulnerability that led AWS and Rackspace to take parts of their cloud services offline in order to fix the threat.
The bug prompted the cloud providers to make the unusual move of rebooting customer-facing servers in order to protect customers. The flaw affected the Xen hypervisor, which is widely used by hosting firms and cloud providers.
In a blog post on the Xen Project community site, the project said the bug, designated XSA-108, could allow attackers to read sensitive information belonging to other virtual machines or to the hypervisor itself.
"XSA-108 was caused by a bug in the emulation code used when running HVM guests on x86 processors. The bug allows an attacker with elevated guest OS privileges to crash the host or to read up to three KiB of random memory that might not be assigned to the guest," the advisory stated.
"The memory could contain confidential information if it is assigned to a different guest or the hypervisor."
A patch for the flaw was released privately, under embargo, to providers who had signed an NDA, in order to prevent attackers from learning of the flaw and using it to mount an attack on cloud infrastructure before it was fixed.
The Xen Project hailed the successful patching as a testament to the value of working privately with cloud providers to avert catastrophe.
“We believe that the process has been working well, as it did for XSA-108. Several cloud providers updated their servers, something that they decided was necessary in this case to best ensure their users were not put at risk,” the project said. “Most likely smaller vendors have done the same. Product vendors and Linux distributions will make updates available to their users following the embargo date.”
The project said that, in light of the flaw, public interest in software security and vulnerabilities would likely continue, if not increase.
“Next week, we will start an open discussion on our mailing lists, to make any necessary adjustments to our security process in light of pressure exerted on vendors as well as community members during the embargo period for XSA-108,” the project said.
Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.