Data: CASIE
Negative Trigger
Xen 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x and has existed in the Xen code base for over four years. It
was unintentionally introduced
Vulnerability-related.DiscoverVulnerability
in December 2012 as part of a fix for a different issue. The Xen project
released
Vulnerability-related.PatchVulnerability
a patch Tuesday that can be applied manually to vulnerable deployments. The good news is that the vulnerability can only
be exploited
Vulnerability-related.DiscoverVulnerability
from 64-bit paravirtualized guest operating systems. Xen supports two types of virtual machines: Hardware Virtual Machines (HVMs), which use hardware-assisted virtualization, and paravirtualized (PV) VMs that use software-based virtualization. Based on whether they use PV VMs, Xen users might be affected or not. For example, Amazon Web Services
said in
Vulnerability-related.DiscoverVulnerability
an advisory that its customers' data and instances
were not affected
Vulnerability-related.DiscoverVulnerability
by this vulnerability and no customer action is required. Meanwhile, virtual private server provider Linode had to reboot some of its legacy Xen servers in order to
apply
Vulnerability-related.PatchVulnerability
the fix. Qubes OS, an operating system that uses Xen to isolate applications inside virtual machines, also
put out an advisory warning
Vulnerability-related.DiscoverVulnerability
that an attacker who exploits another vulnerability, for example inside a browser,
can exploit
Vulnerability-related.DiscoverVulnerability
this Xen issue to compromise the whole Qubes system. The Qubes developers
have released
Vulnerability-related.PatchVulnerability
a patched Xen package for Qubes 3.1 & 3.2 and reiterated their intention to stop using paravirtualization altogether in the upcoming Qubes 4.0. Vulnerabilities that allow breaking the isolation layer of virtual machines can be very valuable for attackers.