An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users (in certain configurations) to read arbitrary dom0 files via QMP live insertion of a CDROM, in conjunction with specifying the target file as the backing file of a snapshot.
{ "binaries": [ { "binary_name": "libxen-4.6", "binary_version": "4.6.5-0ubuntu1.4" }, { "binary_name": "libxen-dev", "binary_version": "4.6.5-0ubuntu1.4" }, { "binary_name": "libxenstore3.0", "binary_version": "4.6.5-0ubuntu1.4" }, { "binary_name": "xen-hypervisor-4.4-amd64", "binary_version": "4.6.5-0ubuntu1.4" }, { "binary_name": "xen-hypervisor-4.4-arm64", "binary_version": "4.6.5-0ubuntu1.4" }, { "binary_name": "xen-hypervisor-4.4-armhf", "binary_version": "4.6.5-0ubuntu1.4" }, { "binary_name": "xen-hypervisor-4.5-amd64", "binary_version": "4.6.5-0ubuntu1.4" }, { "binary_name": "xen-hypervisor-4.5-arm64", "binary_version": "4.6.5-0ubuntu1.4" }, { "binary_name": "xen-hypervisor-4.5-armhf", "binary_version": "4.6.5-0ubuntu1.4" }, { "binary_name": "xen-hypervisor-4.6-amd64", "binary_version": "4.6.5-0ubuntu1.4" }, { "binary_name": "xen-hypervisor-4.6-arm64", "binary_version": "4.6.5-0ubuntu1.4" }, { "binary_name": "xen-hypervisor-4.6-armhf", "binary_version": "4.6.5-0ubuntu1.4" }, { "binary_name": "xen-system-amd64", "binary_version": "4.6.5-0ubuntu1.4" }, { "binary_name": "xen-system-arm64", "binary_version": "4.6.5-0ubuntu1.4" }, { "binary_name": "xen-system-armhf", "binary_version": "4.6.5-0ubuntu1.4" }, { "binary_name": "xen-utils-4.6", "binary_version": "4.6.5-0ubuntu1.4" }, { "binary_name": "xen-utils-common", "binary_version": "4.6.5-0ubuntu1.4" }, { "binary_name": "xenstore-utils", "binary_version": "4.6.5-0ubuntu1.4" } ] }