Xen Security
[Xen-users] Xen Security Advisory 100 (CVE-2014-4021) - Hypervisor heap contents leaked to guests
http://lists.xen.org/archives/html/xen-users/2014-06/msg00116.html
Xen 3.2.x以降が対象。
悪意あるゲストVMから、他のゲストVMやHyperVisorのオンメモリにある?パスワードや暗号キーを読むことができるかも。
VT-d: honor APEI firmware-first mode in XSA-59 workaround code
http://lists.xen.org/archives/html/xen-changelog/2014-06/msg00128.html
Xen XEN_DOMCTLの修正
x86/domctl: two functional fixes to XEN_DOMCTL_[gs]etvcpuextstatehttp://lists.xen.org/archives/html/xen-changelog/2014-06/msg00130.html
Interacting with the vcpu itself should be protected by vcpu_pause(). Buggy/naive toolstacks might encounter adverse interaction with a vcpu context switch, or increase of xcr0_accum. There are no much problems with current in-tree code.以下関連
[Xen-changelog] [xen master] x86/domctl: further fix to XEN_DOMCTL_[gs]etvcpuextstate
http://lists.xen.org/archives/html/xen-changelog/2014-06/msg00133.html
[Xen-changelog] [xen master] x86/domctl: implement XEN_DOMCTL_{get,set}_vcpu_msrs
http://lists.xen.org/archives/html/xen-changelog/2014-06/msg00158.html
[Xen-changelog] [xen master] x86/domctl: remove PV MSR parts of XEN_DOMCTL_[gs]et_ext_vcpucontext
http://lists.xen.org/archives/html/xen-changelog/2014-06/msg00160.html
[Xen-changelog] [xen master] sched: DOMCTL_*vcpuaffinity works with hard and soft affinity
http://lists.xen.org/archives/html/xen-changelog/2014-06/msg00181.html
0 件のコメント:
コメントを投稿