Security expert Jérémie Boutoille from Quarkslab says that he has found a critical bug in the Xen hypervisor. The open-source hypervisor, which has the likes of Amazon, and IBM on its cloud clients list, has had a bug which could lead to potential privilege escalation. The bug, identified as CVE-2016-6258, affects all versions of Xen. However, only PV guests on x86 hardware should be worried. Hardware virtual machine (HVM) and ARM guests are deemed invulnerable. "Running only HVM guests will avoid this vulnerability", the researcher said in an advisory posted on the Xenbits website. In theory, the bug would allow… [Continue Reading]