Latest Xen Project Blog Posts

Xen Project Security Policy Improvements: Get Involved

The recent XSA-108 vulnerability resulted in a lot of media coverage, which ended up stress-testing some of our policy and security related processes. During the embargo period of XSA-108, the Xen Project Security Team was faced with some difficult questions of policy interpretation, as well as practical issues related to pre-disclosure list membership applications. To […]

The Windows PV Drivers Sub-Project

by Paul Durrant Back in 2013 Citrix made XenServer fully open source. As part of that work the previously closed Windows drivers for paravirtual devices were opened up and made available to the community on GitHub. These drivers were still very much tied to XenServer though because of assumptions that were made about the platform […]

XSA-108: Not the vulnerability you’re looking for

There has an unusual amount of media attention to XSA-108 during the embargo period (which ended Wednesday) — far more than any of the previous security issues the Xen Project has reported. It began when a blogger complained that Amazon was telling customers it would be rebooting VMs in certain regions before a specific date. […]

XSA-108: Additional Information from the Xen Project

The Xen Project Security Team today disclosed details of the Xen Security Advisory 108 / CVE-2014-7188 (Improper MSR range used for x2APIC emulation). The Xen Project does not normally comment on specific vulnerabilities other than issuing security advisories. However, given wide interest in this case, we believe it is helpful to provide more context. The […]