The Xen Vulnerability That Rebooted the Public Cloud
NEWS ANALYSIS: More details are now public on the open-source Xen hypervisor vulnerability that triggered full Amazon, Rackspace and IBM cloud reboots.A proverbial lynchpin holds the world's major public cloud providers together, and that pin is the open-source Xen hypervisor. Amazon, Rackspace and IBM SoftLayer have all had to reboot their servers in the last several days to fix a flaw in Xen that was privately reported two weeks ago and only publicly disclosed on Oct. 1. The flaw in question is detailed in Xen Security Advisory XSA-108 and is also identified as CVE-2014-7188. Technically speaking, the vulnerability is titled "Improper MSR range used for x2APIC emulation," which is basically a memory-related issue. Model Specific Registers (MSRs) are control registers within an x86 chip, while x2APIC is Intel's next-generation Advanced Programmable Interrupt Controller (APIC). "The MSR range specified for APIC use in the x2APIC access model spans 256 MSRs," according to the Xen advisory. "Hypervisor code emulating read and write accesses to these MSRs erroneously covered 1024 MSRs." The impact of the flaw is that an attacker could potentially crash the underlying host server and potentially read data from other virtual machines on the system. So, the problem for public cloud providers, for example, is that the flaw could have enabled an attacker to potentially get access to other resources and data on the cloud. Needless to say, that would have been catastrophic for any public cloud provider, especially the world's largest.
The issue only affects hardware-assisted virtual machines (HVMs) and not paravirtualized (PV) virtual machines. HVMs leverage capabilities within silicon, including Intel's VT-x and AMD-V.