A bug impacting all versions of open source Xen hybervisor that could allow an attacker to gain host privileges has been reported.
Quarkslab researcher Jérémie Boutoille discovered and made the initial report on the issue, which carries the Xen Security Advisory XSA 182 (CVE-2016-6258).
“The PV (paravirtualization) pagetable code has fast-paths for making updates to pre-existing pagetable entries, to skip expensive re-validation in safe cases (e.g. clearing only Access/Dirty bits). The bits considered safe were too broad, and not actually safe,” the advisory states.
This could allow a malicious PV guest administrator to escalate their privilege to that of the host, Xen said. The vulnerability is only exposed to guests on x86 hardware.
Xen reported the problem is in the hypervisor code saying this problem is very similar to the critical XSA 148 bug that was disclosed last year.
A patch is available here.