Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Citrix XenServer Multiple Security Updates (CTX223291)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
A number of security issues have been identified within Citrix XenServer. The most significant of these issues could, if exploited, allow a malicious administrator of a 64-bit PV guest VM to compromise the host. This issue has the identifier: - CVE-2017-7228 (High): x86: broken check in memory_exchange() permits PV guest breakout In addition, an issue has been identified that, in certain deployments, allows a guest VM to perform a denial of service attack against the host by repeatedly rebooting many times. - (Low): memory leak when destroying guest without PT devices A further issue has been identified that, in certain deployments, might allow unprivileged code within a guest to escalate its privilege level within that same guest. This issue has the identifier: - CVE-2016-10013 (Low): x86: Mishandling of SYSCALL singlestep during emulation
Affected Software
Affected Software
XenServer versions 7.1, 7.0, 6.5, 6.2.0, 6.0.2.
Detection Method
Detection Method
Check the installed hotfixes.
Solution
Solution
Apply the hotfix referenced in the advisory.