Xen patches theoretical bug

The Xen Project has revealed a new bug but says it knows of no operating system that is vulnerable to it.

XSA-176 means “guest user mode code may be able to establish mappings of arbitrary memory inside the guest, allowing it to elevate its privileges inside the guest.”

The problem's roots lie in the Page Size (PS) page table entry bit, because Xen's software page table walker can theoretically ignore it under some circumstances and give a guest OS the wrong idea about page table allocation.

The good news is Xen has checked with maintainers of Linux, FreeBSD, NetBSD, OpenBSD, and Solaris and none have the problem. Nor do any proprietary operating systems. But the Project's security folks say they “cannot rule … out” an exploit, so there's a patch.

ARM systems are immune to the bug, as are paravirtualised x86 guests. ®