Pandavirtualization: Exploiting the Xen hypervisor (Project Zero)
Pandavirtualization: Exploiting the Xen hypervisor (Project Zero)
[Security] Posted Apr 7, 2017 16:22 UTC (Fri) by corbet
The latest installment
from Google's Project Zero covers the development of an exploit for this unpleasant Xen
vulnerability. "To demonstrate the impact of the issue, I
created an exploit that, when executed in one 64-bit PV guest with root
privileges, will execute a shell command as root in all other 64-bit PV
guests (including dom0) on the same physical machine.
"