CVSS Base Vector:
Linux Distribution Package
A number of security issues have been identified within Citrix XenServer.
The most significant of these issues could, if exploited, allow a malicious administrator of a 64-bit PV guest VM
to compromise the host. This issue has the identifier:
- CVE-2017-7228 (High): x86: broken check in memory_exchange() permits PV guest breakout
In addition, an issue has been identified that, in certain deployments, allows a guest VM to perform a denial of
service attack against the host by rebooting many times.
- (Low): memory leak when destroying guest without PT devices
A further issue has been identified that, in certain deployments, might allow unprivileged code within a guest to
escalate its privilege level within that same guest. This issue has the identifier:
- CVE-2016-10013 (Low): x86: Mishandling of SYSCALL singlestep during emulation
Check the installed hotfixes.
XenServer versions 7.1, 7.0, 6.5, 6.2.0, 6.0.2.
NIST (National Institute of Standards and Technology) NVD (National Vulnerability Database)
Apply the hotfix referenced in the advisory.