Xen XSA 155: Double fetches in paravirtualized devices
insinuator.net

I wonder why this hasn't gotten any love? It seems like the last few Xen vulns got plenty of attention. I wonder if everyone who cares was up all night patching[1] and thus sleeping in today rather than screwing off on HN?
But... it was kind of a big deal.
Good work finding the bug, and I want to say thanks for going through the pre-release process. We (and by we, I mostly mean srn) only got done patching and rebooting everyone right before the release, but scrambling to upgrade all your stuff in a short time before an exploit is released is hugely better than scrambling to upgrade all your stuff with a known exploit in the wild.
[1] https://prgmr.com/blog/xen/2015/12/17/recent-software-upgrad...