Vulnerabilities:
- Three vulnerabilities: XSA-213, XSA-214, and XSA-215
- Released patches for these vulnerabilities

Affected Systems:
- XSA-213: All 64-bit PV guests are exploitable
- XSA-214: Requires attacker to control two different kinds of guests (PV and HVM or 32-bit PV and 64-bit PV guests)
- XSA-215: Affects hosts with large amounts of memory (3.5 TiB or 5 TiB)

Disclosures and Updates:
- Pre-disclosed to members of the Xen Project Pre-Disclosure List
- Publicly available patches at: http://xenbits.xen.org/xsa/
- Vendors and open source projects have updated their systems
- Updates are available for public cloud providers and software providers
- All users are encouraged to update as soon as possible

Exploitation Conditions:
- All three vulnerabilities have the potential to enable a guest to break out of the hypervisor isolation
- Requires attacker to exploit a VM before exploiting the vulnerability
- Systems with untrusted users running arbitrary kernels are particularly vulnerable

Mitigation:
- Users should update their systems as soon as possible
- The Xen Project has developed security process best practices for cloud environments
- Fuzzing tools and static analysis tools are used to prevent vulnerabilities

Discovery:
- Discovered by Jann Horn from Google Project Zero