On 2017-03-14, I reported a bug to Xen's security team that permits an attacker with control over the kernel of a paravirtualized x86-64 Xen guest to break out of the hypervisor and gain full control over the machine's physical memory. The Xen Project publicly released an advisory and a patch for this issue on 2017-04-04. To demonstrate the impact of the issue, I created an exploit that, when execute
![Pandavirtualization: Exploiting the Xen hypervisor](https://cdn-ak-scissors.b.st-hatena.com/image/square/d8f37434bda3d667473c553b037b2477adf8e0ad/height=288;version=1;width=512/https%3A%2F%2Fblogger.googleusercontent.com%2Fimg%2Fb%2FR29vZ2xl%2FAVvXsEhfNPpIbKKW8zCe93f129U5gfQfQjAerRixRLUFP2VfUBGYRHubCWGiKh-lK66VuqR3MxpUbypa7ZyrqtKCGc_lccTT3PC3ezq8HLq6quFv3eXObbXQ84UJPqvkW54EcWM-8tlc3AUIE7gGely9GYndal3ZvaIMJjGAaKN320buUXwgwMljCKVWsRT-%2Fw1200-h630-p-k-no-nu%2Fxen1.png)