Description of Problem
A number of security vulnerabilities have been identified in Citrix XenServer that may allow a malicious administrator of a guest VM to compromise the host.
These vulnerabilities affect all currently supported versions of Citrix XenServer up to and including Citrix XenServer 7.2.
The following vulnerabilities have been addressed:
- CVE-2017-12134: (High) linux: Fix Xen block IO merge-ability calculation
- CVE-2017-12135: (Medium) multiple problems with transitive grants
- CVE-2017-12136: (High) grant_table: Race conditions with maptrack free list handling
- CVE-2017-12137: (High) x86: PV privilege escalation via map_grant_ref
- CVE-2017-12855: (Low) grant_table: possibly premature clearing of GTF_writing / GTF_reading
Mitigating Factors
For Citrix XenServer installations using both version 6.2 SP1 or earlier and also HVM guests only, the risk of a host compromise is replaced by a risk of a host crash.
What Customers Should Do
Hotfixes have been released to address these issues. Citrix strongly recommends that affected customers install these hotfixes, which can be downloaded from the following locations:
Citrix XenServer 7.2: CTX226375– https://support.citrix.com/article/CTX226375 and CTX226378 – https://support.citrix.com/article/CTX226378
Citrix XenServer 7.1: CTX226298 – https://support.citrix.com/article/CTX226298 and CTX226299 – https://support.citrix.com/article/CTX226299
Citrix XenServer 7.0: CTX226374 – https://support.citrix.com/article/CTX226374 and CTX226377 – https://support.citrix.com/article/CTX226377
Citrix XenServer 6.5 SP1: CTX226373 – https://support.citrix.com/article/CTX226373 and CTX226376 – https://support.citrix.com/article/CTX226376
Citrix XenServer 6.2 SP1: CTX226372 – https://support.citrix.com/article/CTX226372
Citrix XenServer 6.0.2 Common Criteria: CTX226371 – https://support.citrix.com/article/CTX226371
Customers who are using the Live Patching feature of Citrix XenServer 7.2 may apply the relevant hotfix without requiring a reboot.
What Citrix Is Doing
Citrix is notifying customers and channel partners about this potential security issue. This article is also available from the Citrix Knowledge Center at http://support.citrix.com/.
Obtaining Support on This Issue
If you require technical assistance with this issue, please contact Citrix Technical Support. Contact details for Citrix Technical Support are available at https://www.citrix.com/support/open-a-support-case.html.
Reporting Security Vulnerabilities
Citrix welcomes input regarding the security of its products and considers any and all potential vulnerabilities seriously. For guidance on how to report security-related issues to Citrix, please see the following document: CTX081743 – Reporting Security Issues to Citrix
Changelog
Date | Change |
15th August, 2017 | Initial publishing |
16th August, 2017 | CVE number assigned |