Citrix XenServer Multiple Security Updates (CTX230138)
Information
Severity
Family
CVSSv2 Base
CVSSv2 Vector
Solution Type
Created
Modified
Summary
A number of security vulnerabilities have been identified in Citrix XenServer that may allow a malicious administrator of an HVM guest VM to compromise the host.
- CVE-2017-7980: Code execution via overflow in Cirrus Logic emulation
- CVE-2017-15592: Incorrect handling of self-linear shadow mappings with translated guests
- CVE-2017-17044: Infinite loop due to missing PoD error checking
- CVE-2017-17045: Missing p2m error checking in PoD code
Affected Software
XenServer versions 7.2, 7.1, 7.0, 6.5, 6.2.0 and 6.0.2.
Solution
Apply the hotfix referenced in the advisory.