Citrix XenServer Multiple Security Updates (CTX228867)
Summary
A number of security vulnerabilities have been identified in Citrix XenServer that may allow a malicious administrator of a guest VM to compromise the host:
- CVE-2017-15595: Unlimited recursion in linear pagetable de-typing
- CVE-2017-15588: Stale TLB entry due to page type release race
- CVE-2017-15593: page type reference leak on x86
- CVE-2017-15592: x86: Incorrect handling of self-linear shadow mappings with translated guests
- CVE-2017-15594: x86: Incorrect handling of IST settings during CPU hotplug
- CVE-2017-15590: multiple MSI mapping issues on x86
- CVE-2017-15589: hypervisor stack leak in x86 I/O intercept code
For customers that do not have PV-based guests, are not using PCI passthrough and are using hardware with HAP support, the risk is reduced to a disclosure of a small part of the hypervisor stack.
Affected Software
XenServer versions 7.2, 7.1, 7.0, 6.5, 6.2.0, 6.0.2.
Solution
Apply the hotfix referenced in the advisory.