Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
Xen Security Advisory: Information leak via crafted user-supplied CDROM (xen.org)
27 points by weinzierl on April 26, 2018 | hide | past | favorite | 3 comments


It looks like they don't affect the Qubes OS:

https://www.qubes-os.org/news/2018/04/25/xsa-258-259-qubes-n...


Does this have to be a physical CDROM or could a crafted ISO upload exploit the bug? Are cloud providers that allow uploading custom images affected by this?


> Does this have to be a physical CDROM or could a crafted ISO upload exploit the bug? Are cloud providers that allow uploading custom images affected by this?

From the article:

> Only x86 HVM guests with a virtual CDROM device are affected. ARM guests, x86 PV guests, x86 PVH guests, and x86 HVM guests without a virtual CDROM device are not affected.




Consider applying for YC's Winter 2026 batch! Applications are open till Nov 10

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: