Chris ✅ is a user on mastodon.cloud. You can follow them or interact with them if you have an account anywhere in the fediverse.
If you don't, you can sign up here.
Seeing as infosec Twitter has moved to Mastodon, I'll just leave this here...
Guest-to-host Xen escape :persevere: https://www.qubes-os.org/news/2017/04/04/qsb-29/
:pensive: https://xenbits.xen.org/xsa/advisory-212.html
The annoying thing is that I'm not sure a memory-safe language like Rust or Go could stop a bug like this: it's in the manipulation of page tables, which involves checking bit flags. This is a logic blunder rather than a memory corruption. Any thoughts?
@juviacaled Mmm-hm. The full advisory is very useful to understanding the problem, which is nice.
@diodesign This is extremely problematic. As a Qubes user, I need to update my system immediately. Grateful to the Qubes team for their quick response.