After 11 months of development, the free hypervisor Xen 4.18 has been released. Companies such as Amazon, ARM, Bitdefender, Citrix, Epam Systems, and AMD participated in the development process. Updates for the Xen 4.18 branch will be released until May 16, 2025, and vulnerability fixes will be published until November 16, 2026.
Key changes in Xen 4.18:
- Initial ports for the RISC-V and Power (PPC64le) architectures have been added. Test environments for the RISC-V and Power ports have been set up in the GitLab CI continuous integration system.
- Enhancements have been made to the Xen memory subsystem to account for ARM architecture features when running on ARM64 systems. Experimental support for SVE (Scalable Vector Extension) vector instructions has been added. ARM Firmware Framework tools for the ARM A-profile (ARM Application-profile) architecture have been included. An experimental ability to dynamically add and remove nodes in the Xen Device Tree using .dtbo files has also been added.
- On systems with Intel processors, the MSR_ARCH_CAPS parameter is now visible in guest systems and can be configured through the virtual machine configuration file. This parameter allows users to determine which vulnerabilities related to speculative execution have been fixed in hardware.
- Support for the CPUID_USER_DIS extension (CPUID Faulting) has been added for fourth-generation AMD EPYC processors, enabling control over which CPUID data a paravirtualized guest system can see.
- Support for the PKS (Protection Key Supervisor) mechanism has been added for HVM and PVH guest systems, expanding the options for protecting memory pages. This support is available on Intel processors based on Sapphire Rapids.
- The VM-Notify mechanism has been