Vigil@nce - Xen: write on readonly disks via libxl
November 2015 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker, who is administrator in a guest system, configured
with qemu-xen and libxl, can write to disk images of the host
system, even if they are configured as read-only.
Impacted products: openSUSE, SUSE Linux Enterprise Desktop, SLES,
Xen.
Severity: 2/4.
Creation date: 22/09/2015.
DESCRIPTION OF THE VULNERABILITY
The Xen product can be configured with qemu-xen (instead of
qemu-xen-traditional), and can use tools linked to libxl.
However, with this configuration, a disk cannot be mounted as
read-only, but libxl does not indicate it.
An attacker, who is administrator in a guest system, configured
with qemu-xen and libxl, can therefore write to disk images of the
host system, even if they are configured as read-only.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Xen-write-on-readonly-disks-via-libxl-17952