Xen Software Exploit

According to the Linux Foundation, ‘The Xen project hypervisor is the foundation for many products and platforms, serving as the basis for many commercial server virtualization, desktop and embedded products as well as hardware appliances.’

This program took 11 years to develop into its current state, and is ‘the leading open source virtualization platform that is powering some of the largest clouds in production today’. Many server products, as well as appliances and embedded products, use Xen as their base.

However, a recently disclosed vulnerability in the Xen hypervisor has put the security of many servers at risk. This vulnerability, tracked as CVE-2014-7188, forced at least Amazon Web Services and Rackspace to reboot some of their customers’ servers over the past week, because the security barrier between tenants on multi-user servers was compromised. There has been speculation that the issue affects a larger number of servers and is not limited to Amazon and Rackspace.

Amazon, for its part, has been forced to reboot up to 10% of its Elastic Compute Cloud (EC2) systems over the last several days to apply a patch. Amazon scheduled its reboots so that no two regions or availability zones were affected at the same time, and kept in contact with its customers throughout, resulting in successful reboots and satisfied customers.

Rackspace wasn’t so lucky: some of its reboots took much longer than expected, and its notifications could have been clearer. Its patches were slower to take effect, leaving customers unhappy.

Xen was originally designed to create and run virtual machines. A single mistake in the hypervisor has undermined that, and now all software built on Xen is at risk. The problem has been contained for now, and the Xen Project is working on fixing the vulnerability.
