iNFOS3C

@infosec

In case there are any Qubes OS users here: we just released Qubes Security Bulletin #29 for a critical Xen bug in PV memory virtualization allowing VM escape (XSA-212):

https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-029-2017.txt

So, we are currently invading mastodon.social on two fronts - French social media, and the migration of #infosec from Twitter :P

We should probably make @Gargron's life easier and help the guy out; https://www.patreon.com/user?u=619786

Please boost! (it's the new RT, right?)

Please stop tooting immediately and return to social networks that we can easily control!

LIEF - Library to Instrument Executable Formats
A new Quarkslab blogpost to announce the release of LIEF as free software \o/
http://blog.quarkslab.com/lief-library-to-instrument-executable-formats.html https://mastodon.social/media/s6qGHpzmY_3X8j-GHP8

x86: broken check in memory_exchange() permits PV guest breakout

The XSA-29 fix introduced an insufficient check on XENMEM_exchange
input, allowing the caller to drive hypervisor memory accesses outside
of the guest provided input/output arrays.

IMPACT
======

A malicious or buggy 64-bit PV guest may be able to access all of
system memory, allowing for all of privilege escalation, host crashes,
and information leaks.

http://xenbits.xen.org/xsa/advisory-212.html