Last week, several of the largest public and private cloud providers, including Amazon and Rackspace, rebooted some of their servers after notifying users of the move and telling them that they would experience minimal downtime.
The initial notices didn’t mention the reason behind that action, but it was confirmed later that there were unspecified problems with the Xen hypervisor.
Xen lets multiple OSes execute on the same computer hardware at the same time, which enables the creation of virtual private servers, and it is often used by cloud computing services.
On Wednesday, more details about the issue were released in a Xen advisory, which explained that a flaw had been discovered that can allow a “buggy or malicious HVM guest to crash the host or read data relating to other guests or the hypervisor itself.”
The Xen Project also publicly released a patch.
On account of the seriousness of the vulnerability, information about it and the patch was delivered to various cloud providers last week, and full public disclosure of the issue was scheduled for Wednesday (October 1), so that the companies would have time to fix the flaw in their infrastructure before it became common knowledge.
Rackspace CEO Taylor Rhodes and AWS Chief Evangelist Jeff Barr explained in more detail how the patching process was executed by their respective companies.