Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Citrix XenServer Multiple Security Updates (CTX224740)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
A number of security issues have been identified within Citrix XenServer. These issues could, if exploited, allow a malicious administrator of a guest VM to compromise the host. The issues have the identifiers: - CVE-2017-10920, CVE-2017-10921, CVE-2017-10922 (High): Grant table operations mishandle reference counts. - CVE-2017-10918 (High): Stale P1M mappings due to insufficient error checking. - CVE-2017-10912 (Medium): Page transfer may allow PV guest to elevate privilege. - CVE-2017-10913, CVE-2017-10914 (Medium): Races in the grant table unmap code. - CVE-2017-10915 (Medium): x85: insufficient reference counts during shadow emulation. - CVE-2017-10917 (Medium): NULL pointer deref in event channel poll. - CVE-2017-10911 (Low): blkif responses leak backend stack data.
Affected Software
Affected Software
XenServer versions 7.2, 7.1, 7.0, 6.5, 6.2.0, 6.0.2.
Detection Method
Detection Method
Check the installed hotfixes.
Solution
Solution
Apply the hotfix referenced in the advisory.