Citrix XenServer Multiple Security Updates (CTX223291)

Published: 2017-06-28 03:07:10
CVE Author: NIST National Vulnerability Database

CVSS Base Vector:

Detection Type:
Linux Distribution Package

Solution Type:
Vendor Patch

A number of security issues have been identified within Citrix XenServer. The most significant of these issues could, if exploited, allow a malicious administrator of a 64-bit PV guest VM to compromise the host. This issue has the identifier:

- CVE-2017-7228 (High): x86: broken check in memory_exchange() permits PV guest breakout

In addition, an issue has been identified that, in certain deployments, allows a guest VM to perform a denial of service attack against the host by repeatedly rebooting many times.

- (Low): memory leak when destroying guest without PT devices

A further issue has been identified that, in certain deployments, might allow unprivileged code within a guest to escalate its privilege level within that same guest. This issue has the identifier:

- CVE-2016-10013 (Low): x86: Mishandling of SYSCALL singlestep during emulation

Detection Method:
Check the installed hotfixes.

Affected Versions:
XenServer versions 7.1, 7.0, 6.5, 6.2.0, 6.0.2.

Apply the hotfix referenced in the advisory.

NIST (National Institute of Standards and Technology) NVD (National Vulnerability Database)

Citrix Xenserver Local Security Checks
