Patch Qubes to prevent pwnage via Xen bug
Death knell sounded for paravirtualisation, here's why
Xen has a critical bug that means Qubes 3.1 and 3.2 need an immediate patch, for Xen packages between 4.6.4 and 4.6.26.
A recent patch introduced the bug, which according to the advisory is an insufficient check on the
XENMEM_exchange input, “allowing the caller to drive hypervisor memory accesses outside of the guest provided input/output arrays.”
As a result, a malicious 64-bit guest could see “all of system memory”, with catastrophic results – privilege escalation, host crashes, and information leaks; and other vulnerabilities (for example, in a browser, networking stack, or USB stack) would let an attacker “compromise a whole Qubes system”.
The advisory notes that it stems from the paravirtualisation (PV) system in Qubes, which is overly complex and due to be unplugged: “the upcoming Qubes OS 4.0 will no longer use PV. Instead, we will be switching to HVM-based virtualisation”.
The bug was found by Google Project Zero's Jann Horn, and is fixed by running the qubes-dom0-update command or in the Qubes VM Manager. ®