Xen VM Escape

Posted by Alan Hikerell on Oct 30

Xen XSA-148 (http://xenbits.xen.org/xsa/advisory-148.html) is the real VM
Escape Vulnerability

XSA-148 has just been made public, and it is obviously a memory management
logic vulnerability.
The bulletin means that a malicious PV DomU could enable the PS/RW flag of its
PDE to read/write the 2M page.
So, if an attacker prepares a page table at the 2M page, he could use the
vulnerability to modify the PT.
Finally, this vulnerability changes to an arbitrary…
