A security advisory for Red Hat’s packaging of Xen virtualization was recently announced, and errata packages distributed. The vulnerability is actually not in Xen itself, but in QEMU, which is used to provide device access for hardware-assisted virtualization.

The vulnerability depends on the use of monitor mode in QEMU, with an exploit through VNC.

XenSource’s products (XenEnterprise, XenServer, XenExpress) do not enable monitor mode. Therefore, XenSource products do do not have this security vulnerability.