Description of Problem
A number of security issues have been identified within Citrix XenServer. The most significant of these issues could, if exploited, allow a malicious administrator of a 64-bit PV guest VM to compromise the host. This issue has the identifier:
- CVE-2017-7228 (High): x86: broken check in memory_exchange() permits PV guest breakout
In addition, an issue has been identified that, in certain deployments, allows a guest VM to perform a denial-of-service attack against the host by rebooting many times. This issue has not yet been allocated a CVE number but has the placeholder identifier:
- CVE-TBA (Low): memory leak when destroying guest without PT devices
A further issue has been identified that, in certain deployments, might allow unprivileged code within a guest to escalate its privilege level within that same guest. This issue has the identifier:
- CVE-2016-10013 (Low): x86: Mishandling of SYSCALL singlestep during emulation
Mitigating Factors
Customers using only HVM guest VMs are not affected by CVE-2017-7228. Note that all Microsoft Windows VMs are HVM.
Customers using only systems with Intel CPUs are not affected by CVE-TBA. Customers using only systems without IOMMU support are not affected by CVE-TBA.
Citrix is unaware of any guest operating system that would enable CVE-2016-10013.
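To check whether a host falls under the HVM-only mitigating factor for CVE-2017-7228, the following added example (not part of the Citrix advisory) lists the PV guests on a XenServer host using the xe CLI. It assumes that an empty HVM-boot-policy parameter marks a PV guest, and it reports every PV guest regardless of whether it is 64-bit; the function names are illustrative.

```shell
#!/bin/sh
# Added example: list guests on a XenServer host that boot in PV mode.
# Assumption: a VM whose HVM-boot-policy parameter is empty is a PV guest;
# a non-empty value (for example "BIOS order") means the guest is HVM.

# classify_boot_policy VALUE -> prints "PV" or "HVM"
classify_boot_policy() {
    if [ -z "$1" ]; then
        echo "PV"
    else
        echo "HVM"
    fi
}

# list_pv_guests -> prints one "uuid<TAB>name-label" line per PV guest
list_pv_guests() {
    # --minimal prints the matching UUIDs on one line, separated by commas
    uuids=$(xe vm-list is-control-domain=false --minimal) || return 1
    old_ifs=$IFS
    IFS=','
    for uuid in $uuids; do
        IFS=$old_ifs
        [ -n "$uuid" ] || continue
        policy=$(xe vm-param-get uuid="$uuid" param-name=HVM-boot-policy)
        if [ "$(classify_boot_policy "$policy")" = "PV" ]; then
            name=$(xe vm-param-get uuid="$uuid" param-name=name-label)
            printf '%s\t%s\n' "$uuid" "$name"
        fi
    done
    IFS=$old_ifs
}

# Run only where the xe CLI is present (the XenServer control domain).
if command -v xe >/dev/null 2>&1; then
    list_pv_guests
fi
```

An empty result means every guest on that host is HVM; any guest listed should be treated as in scope for the hotfix priority decision.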
What Customers Should Do
Hotfixes have been released to address these issues. Citrix recommends that affected customers install these hotfixes, which can be downloaded from the following locations:
Citrix XenServer 7.1: CTX222424 – https://support.citrix.com/article/CTX222424
Citrix XenServer 7.0: CTX222423 – https://support.citrix.com/article/CTX222423
Citrix XenServer 6.5 SP1: CTX222422 – https://support.citrix.com/article/CTX222422
Citrix XenServer 6.2 SP1: CTX222421 – https://support.citrix.com/article/CTX222421
Citrix XenServer 6.0.2 Common Criteria: CTX222420 – https://support.citrix.com/article/CTX222420
Customers who are using the Live Patching feature of Citrix XenServer 7.1 may apply the relevant hotfix without requiring a reboot.
What Citrix Is Doing
Citrix is notifying customers and channel partners about this potential security issue. This article is also available from the Citrix Knowledge Center at http://support.citrix.com/.
Obtaining Support on This Issue
If you require technical assistance with this issue, please contact Citrix Technical Support. Contact details for Citrix Technical Support are available at https://www.citrix.com/support/open-a-support-case.html.
Reporting Security Vulnerabilities
Citrix welcomes input regarding the security of its products and considers any and all potential vulnerabilities seriously. For guidance on how to report security-related issues to Citrix, please see the following document: CTX081743 – Reporting Security Issues to Citrix
Changelog
Date | Change |