Ouroboros: Tearing Xen Hypervisor with The Snake

by Shangcong Luan Sept. 15, 2017 via www.blackhat.com submitted by belen_caty

The Xen Project has been a widely used virtualization platform powering some of the largest clouds in production today. Sitting directly on the hardware below any operating systems, the Xen hypervisor is responsible for managing the CPU/MMU and guest operating systems. Guest operating systems could be controlled to run in PV mode using paravirtualization technologies or in HVM mode using hardware-assisted virtualization technologies. Inspired by Ouroboros, an ancient symbol of a snake biting its tail, our team has found a critical verification bypass bug in the Xen hypervisor, which will be used to tear a hole in the hypervisor. With specific exploitation vectors and payloads, a malicious PV guest OS could control not only the hypervisor but also all other guest operating systems running on the current platform.