The Xen Project has reported another guest/host escape bug, its third for the year including the VENOM vuln and the XSA-135 SNAFU.
The new vuln glories in the name XSA-138, aka CVE-2015-5154, and means “An HVM guest which has access to an emulated IDE CDROM device (e.g. with a device with ‘devtype=cdrom’, or the ‘cdrom’ convenience alias, in the VBD configuration) can exploit this vulnerability to take over the qemu process elevating its privilege to that of the qemu process.”
“All Xen systems running x86 HVM guests without stubdomains which have been configured with an emulated CD-ROM driver model are vulnerable,” the advisory about the bug says.
The good news is that you can fix the flaw by “Avoiding the use of emulated CD-ROM devices altogether, by not specifying such devices in the domain configuration”. Or you can enable stubdomains.
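To find guests that match the advisory's condition, this added example (not from the Xen advisory or the original article) scans xl domain configuration text for HVM guests that declare a CD-ROM disk and do not enable a stub domain. It assumes xl.cfg syntax (`builder`/`type`, `disk`, `device_model_stubdomain_override`); the sample configs and function names are constructed for illustration.

```python
import re

# Constructed sample xl domain configs (illustrative, not from the advisory).
HVM_CDROM = """builder = "hvm"
# device_model_stubdomain_override = 1
disk = [ '/dev/vg/guest1,raw,xvda,rw',
         'format=raw, vdev=hdc, access=ro, devtype=cdrom, target=/isos/install.iso' ]
"""
HVM_STUBDOM = """type = "hvm"
device_model_stubdomain_override = 1
disk = [ '/isos/install.iso,raw,hdc,ro,cdrom' ]
"""
PV_GUEST = """kernel = "/boot/vmlinuz-guest"
disk = [ 'file:/isos/install.iso,hdc:cdrom,r' ]
"""

def strip_comments(cfg):
    # Simplification: assumes '#' never appears inside a quoted value.
    return re.sub(r"#.*", "", cfg)

def is_hvm(cfg):
    return bool(re.search(r"""^\s*(?:builder|type)\s*=\s*['"]hvm['"]""",
                          strip_comments(cfg), re.M))

def uses_stubdomain(cfg):
    m = re.search(r"""^\s*device_model_stubdomain_override\s*=\s*['"]?(\d+)""",
                  strip_comments(cfg), re.M)
    return bool(m) and int(m.group(1)) != 0

def cdrom_disks(cfg):
    """Disk specs that declare a CD-ROM: devtype=cdrom, the positional
    'cdrom' keyword, or the legacy 'vdev:cdrom' form."""
    m = re.search(r"^\s*disk\s*=\s*\[(.*?)\]", strip_comments(cfg), re.M | re.S)
    if not m:
        return []
    hits = []
    for _, spec in re.findall(r"""(['"])(.*?)\1""", m.group(1), re.S):
        tokens = [t.strip().lower() for t in spec.split(",")]
        if any(t in ("cdrom", "devtype=cdrom") or t.endswith(":cdrom")
               for t in tokens):
            hits.append(spec)
    return hits

def exposed_cdroms(cfg):
    """CD-ROM specs of an HVM guest with no stub domain (the condition the
    advisory describes); empty list otherwise. Conservative: flags any CD-ROM."""
    if not is_hvm(cfg) or uses_stubdomain(cfg):
        return []
    return cdrom_disks(cfg)

if __name__ == "__main__":
    for name, cfg in [("hvm", HVM_CDROM), ("stubdom", HVM_STUBDOM), ("pv", PV_GUEST)]:
        print(name, exposed_cdroms(cfg))
```
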