
I wonder if this was released due to Xen's recent x86 instruction emulation bugs.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9932

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9383




Probably not (but who knows, you could probably use this as part of a fuzzer). Instruction emulation is a superset of instruction decoding. You need to decode and then emulate the behavior.

Aside: Instruction emulation is pretty finicky and bug-prone. I'm not too familiar with Xen, but KVM has had at least 10 instruction emulation CVEs. There were talks at both KVM Forum and Xen Summit last summer mentioning the sketchiness of instruction emulation.


Why would the release of this library have anything to do with Xen vulnerabilities?


Those CVEs are private. Could you provide a public source?




