Ouroboros: Tearing Xen Hypervisor with the Snake

The Xen Project has been a widely used virtualization platform powering
some of the largest clouds in production today.

Sitting directly on the hardware below any operating systems, the Xen
hypervisor is responsible for the management of CPU/MMU and guest
operating systems.

Guest operating systems could be controlled to run in PV mode using
paravirtualization technologies or HVM mode using hardware-assisted
virtualization technologies.

Compared to HVM mode, a PV mode guest OS kernel can recognize the
existence of the hypervisor and, thus, work normally via hypervisor
interfaces, which are called hypercalls. While performing privileged
operations, a PV mode guest OS submits requests via hypercalls, and the
hypervisor then performs these operations for it after verifying its
requests.

Inspired by Ouroboros, an ancient symbol with a snake biting its tail,
our team has found a critical verification bypass bug in the Xen
hypervisor, and that will be used to tear the hypervisor a hole. With
specific exploitation vectors and payloads, a malicious PV guest OS could
control not only the hypervisor but also all other guest operating
systems running on the current platform.

by Shangcong Luan of Alibaba
