9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
<section>
<div><div>
<div>
<h2> Description of Problem</h2>
<div>
<div>
<div>
<p>A number of vulnerabilities have been identified within Citrix XenServer that could, if exploited, allow a malicious administrator of a guest VM to crash the host and, for some XenServer versions, allow a remote attacker to compromise the host.</p>
<p>The following vulnerabilities have been addressed:</p>
<ul>
<li>CVE-2016-2074: openvswitch: MPLS buffer overflow vulnerability</li>
<li>CVE-2018-7540: DoS via non-preemptable L3/L4 pagetable freeing</li>
<li>CVE-2018-7541: grant table v2 -> v1 transition may crash Xen</li>
</ul>
<p>The host compromise issue (CVE-2016-2074) affects Citrix XenServer versions 7.0 and 7.1 CU1 only.<br /> The denial of service issues affect all supported versions of Citrix XenServer prior to version 7.4.<br /> </p>
</div>
</div>
</div>
<hr />
</div>
<div>
<h2> Mitigating Factors</h2>
<div>
<div>
<div>
<p>Customers using the βLinux bridgeβ networking mode are unaffected by the host compromise issue.</p>
</div>
</div>
</div>
<hr />
</div>
<div>
<h2> What Customers Should Do</h2>
<div>
<div>
<div>
<p>Hotfixes have been released to address these issues. Citrix strongly recommends that affected customers install these hotfixes as soon as possible. The hotfixes can be downloaded from the following locations:</p>
<p>Citrix XenServer 7.3: CTX233368 β <a href=βhttps://support.citrix.com/article/CTX233368β>https://support.citrix.com/article/CTX233368</a></p>
<p>Citrix XenServer 7.2: CTX233366 β <a href=βhttps://support.citrix.com/article/CTX233366β>https://support.citrix.com/article/CTX233366</a></p>
<p>Citrix XenServer 7.1 LTSR CU1: CTX233363 β <a href=βhttps://support.citrix.com/article/CTX233363β>https://support.citrix.com/article/CTX233363</a> and CTX233365 β <a href=βhttps://support.citrix.com/article/CTX233365β>https://support.citrix.com/article/CTX233365</a></p>
<p>Citrix XenServer 7.0: CTX233362 β <a href=βhttps://support.citrix.com/article/CTX233362β>https://support.citrix.com/article/CTX233362</a> and CTX233364 β <a href=βhttps://support.citrix.com/article/CTX233364β>https://support.citrix.com/article/CTX233364</a></p>
<p>These hotfixes are not livepatchable.</p>
<p>Citrix is actively working on remediating the denial of service issues for releases that are End of Maintenance but not yet End of Life.</p>
</div>
</div>
</div>
<hr />
</div>
<div>
<h2> What Citrix Is Doing</h2>
<div>
<div>
<div>
<div>
<div>
<p>Citrix is notifying customers and channel partners about this potential security issue. This article is also available from the Citrix Knowledge Center at <u> <a href=βhttp://support.citrix.com/β>http://support.citrix.com/</a></u>.</p>
</div>
</div>
</div>
</div>
</div>
<hr />
</div>
<div>
<h2> Obtaining Support on This Issue</h2>
<div>
<div>
<div>
<div>
<div>
<p>If you require technical assistance with this issue, please contact Citrix Technical Support. Contact details for Citrix Technical Support are available at <u> <a href=βhttps://www.citrix.com/support/open-a-support-case.htmlβ>https://www.citrix.com/support/open-a-support-case.html</a></u>. </p>
</div>
</div>
</div>
</div>
</div>
<hr />
</div>
<div>
<h2> Reporting Security Vulnerabilities</h2>
<div>
<div>
<div>
<div>
<div>
<p>Citrix welcomes input regarding the security of its products and considers any and all potential vulnerabilities seriously. For guidance on how to report security-related issues to Citrix, please see the following document: CTX081743 β <a href=βhttp://support.citrix.com/article/CTX081743β>Reporting Security Issues to Citrix</a></p>
</div>
</div>
</div>
</div>
</div>
<hr />
</div>
<div>
<h2> Changelog</h2>
<div>
<div>
<div>
<table border=β1β width=β100%β>
<tbody>
<tr>
<td>Date </td>
<td>Change</td>
</tr>
<tr>
<td>21st March 2018</td>
<td>Initial publication</td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
<hr />
</div>
</div></div>
</section>
CPE | Name | Operator | Version |
---|---|---|---|
citrix xenserver | eq | 7.3 | |
citrix xenserver | eq | 7.2 | |
citrix xenserver | eq | 7.1 LTSR CU1 | |
citrix xenserver | eq | 7.0 |
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P