The Xen Project has fixed three vulnerabilities in its widely used hypervisor that could allow operating systems running inside virtual machines to access the memory of the host systems, breaking the critical security layer among them.Two of the patched vulnerabilities can only be exploited under certain conditions, which limits their use in potential attacks, but one is a highly reliable flaw that poses a serious threat to multitenant data centers where the customers’ virtualized servers share the same underlying hardware.[ Doing storage virtualization correctly is not simple.
InfoWorld’s expert contributors show you how to get it right in this “Storage Virtualization Deep Dive” PDF guide. | Get the latest insight on the tech news that matters from InfoWorld’s Tech Watch blog. ]

The flaws don’t yet have CVE tracking numbers, but are covered in three Xen security advisories called XSA-213, XSA-214 and XSA-215.To read this article in full or to leave a comment, please click here

Leave a Reply