Citrix XenServer Multiple Security Updates

Description of Problem

A number of security issues have been identified within Citrix XenServer. These issues could, if exploited, allow a malicious administrator of a guest VM to compromise the host. The issues have the identifiers:

  • CVE-2017-10920, CVE-2017-10921 and CVE-2017-10922 (High): Grant table operations mishandle reference counts.
  • CVE-2017-10918 (High): Stale P2M mappings due to insufficient error checking.
  • CVE-2017-10912 (Medium): Page transfer may allow PV guest to elevate privilege.
  • CVE-2017-10913 and CVE-2017-10914 (Medium): Races in the grant table unmap code.
  • CVE-2017-10915 (Medium): x86: insufficient reference counts during shadow emulation.
  • CVE-2017-10917 (Medium): NULL pointer deref in event channel poll.
  • CVE-2017-10911 (Low): blkif responses leak backend stack data.

What Customers Should Do

Hotfixes have been released to address these issues. Citrix recommends that affected customers install these hotfixes, which can be downloaded from the following locations:

Citrix XenServer 7.2: CTX224692 – https://support.citrix.com/article/CTX224692 and CTX224698 – https://support.citrix.com/article/CTX224698

Citrix XenServer 7.1: CTX224691 – https://support.citrix.com/article/CTX224691 and CTX224697 – https://support.citrix.com/article/CTX224697

Citrix XenServer 7.0: CTX224690 – https://support.citrix.com/article/CTX224690 and CTX224696 – https://support.citrix.com/article/CTX224696

Citrix XenServer 6.5 SP1: CTX224689 – https://support.citrix.com/article/CTX224689 and CTX224695 – https://support.citrix.com/article/CTX224695

Customers who have deployed Citrix XenServer 6.2 SP1 on older hardware that does not have Hardware Assisted Paging support (Intel: EPT, AMD: RVI) should upgrade to Citrix XenServer 6.5 SP1 or later to ensure that they are protected against these issues.

Citrix XenServer 6.2 SP1: CTX224688 – https://support.citrix.com/article/CTX224688 and CTX224694 – https://support.citrix.com/article/CTX224694

Citrix XenServer 6.0.2 Common Criteria: CTX224687 – https://support.citrix.com/article/CTX224687 and CTX224693 – https://support.citrix.com/article/CTX224693

Customers who are using the Live Patching feature of Citrix XenServer 7.2 may apply the relevant hotfixes without requiring a reboot. Customers who are using the Live Patching feature of Citrix XenServer 7.1 who have previously deployed all earlier hotfixes may apply the relevant hotfixes without requiring a reboot.


What Citrix Is Doing

Citrix is notifying customers and channel partners about this potential security issue. This article is also available from the Citrix Knowledge Center at http://support.citrix.com/.


Obtaining Support on This Issue

If you require technical assistance with this issue, please contact Citrix Technical Support. Contact details for Citrix Technical Support are available at https://www.citrix.com/support/open-a-support-case.html


Reporting Security Vulnerabilities

Citrix welcomes input regarding the security of its products and considers any and all potential vulnerabilities seriously. For guidance on how to report security-related issues to Citrix, please see the following document: CTX081743 – Reporting Security Issues to Citrix


Changelog

Date              Change
21st June, 2017   Initial publishing
7th July, 2017    Added CVE identifiers