Citrix XenServer QEMU ioport Array Overflow Guest-to-Host Privilege Escalation (CTX219136)
Severity: High
Nessus Plugin ID 95659
Synopsis
The remote host is affected by a privilege escalation vulnerability.

Description
The version of Citrix XenServer running on the remote host is missing a security hotfix. It is, therefore, affected by a privilege escalation vulnerability in the QEMU ioport component due to an array overflow that is triggered during the handling of addresses in ioport read and write look-ups. A local administrative user on the guest system can exploit this issue to gain elevated privileges on the host system.

Solution
Apply the appropriate hotfix according to the vendor advisory.