
Xen XSA 155: Double fetches in paravirtualized devices - fwilhelm
https://www.insinuator.net/2015/12/xen-xsa-155-double-fetches-in-paravirtualized-devices/
======
lsc
I wonder why this hasn't gotten any love? it seems like the last few Xen vulns
got plenty of attention. I wonder if everyone who cares was up all night
patching[1] and thus sleeping in today rather than screwing off on hn?

But... it was kind of a big deal.

Good work finding the bug, and I want to say thanks for going through the pre-
release process. We (and by we, I mostly mean srn) only got done patching and
rebooting everyone right before the release, but scrambling to upgrade all
your stuff in a short time before an exploit is released is hugely better than
scrambling to upgrade all your stuff with a known exploit in the wild.

[1][https://prgmr.com/blog/xen/2015/12/17/recent-software-
upgrad...](https://prgmr.com/blog/xen/2015/12/17/recent-software-upgrade.html)

