Anatomy of a nasty
By John Leyden, 1 Oct 2014 Details of the mysterious Xen vulnerability, which prompted the Amazon AWS/Rackspace cloud reboots late last week, have been revealed, with patches already available.The CVE-2014-7188 vulnerability creates a way to trick the hypervisor into reading unallocated memory.
"A buggy or malicious HVM [hardware virtual machine] guest can crash the host or read data relating to other guests or the hypervisor itself," an advisory by Xen developers explained.
Full Article