Citrix XenServer Multiple Vulnerabilities (CTX216071)
High Nessus Plugin ID 93608
Synopsis
The remote host is affected by multiple vulnerabilities.
Description
The version of Citrix XenServer running on the remote host is missing a security hotfix. It is, therefore, affected by multiple vulnerabilities:
- A flaw exists due to improper handling of pagetable walks that contain recursive L3 pagetable entries. An attacker on the guest can exploit this to gain elevated privileges. (CVE-2016-7092)
- A flaw exists due to improper handling of instruction pointer truncation when emulating HVM instructions. An attacker on the guest can exploit this to gain elevated privileges. (CVE-2016-7093)
- An overflow condition exists in the x86 HVM guests due to improper handling of writing to pagetables, specifically when the guest is running shadow paging using a subset of the x86 emulator. An attacker on the guest can exploit this to cause a denial of service condition on the host. (CVE-2016-7094)
- A use-after-free error exists when calling the EVTCHNOP_init_control operation with a bad guest frame number. An attacker on the guest can exploit this, by freeing a control structure without also clearing the corresponding pointer, to crash the host or potentially gain elevated privileges. (CVE-2016-7154)
Solution
Apply the appropriate hotfix according to the vendor advisory.