
Xen Security Advisory: Information leak via crafted user-supplied CDROM - weinzierl
https://xenbits.xen.org/xsa/advisory-258.html
======
mtgx
It looks like they don't affect the Qubes OS:

[https://www.qubes-
os.org/news/2018/04/25/xsa-258-259-qubes-n...](https://www.qubes-
os.org/news/2018/04/25/xsa-258-259-qubes-not-affected/)

------
chatmasta
Does this have to be a physical CDROM or could a crafted ISO upload exploit
the bug? Are cloud providers that allow uploading custom images affected by
this?

~~~
mauli
> Does this have to be a physical CDROM or could a crafted ISO upload exploit
> the bug? Are cloud providers that allow uploading custom images affected by
> this?

From the article:

> Only x86 HVM guests with a virtual CDROM device are affected. ARM guests,
> x86 PV guests, x86 PVH guests, and x86 HVM guests without a virtual CDROM
> device are not affected.

