8.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
<section>
<div><div>
<div>
<h2> Description of Problem</h2>
<div>
<div>
<div>
<p>A number of security vulnerabilities have been identified in Citrix XenServer that may allow malicious code running in a PV guest VM to compromise the host and malicious privileged code running in an HVM guest VM to crash the host.</p>
<p>These vulnerabilities affect all currently supported versions of Citrix XenServer up to and including Citrix XenServer 7.4.</p>
<p>The following vulnerabilities have been addressed:</p>
<p>CVE-2017-5754: (High) Rogue data cache load, memory access permission check performed after kernel memory read</p>
<p>CVE-2018-10982: (Medium) x86: vHPET interrupt injection errors</p>
<p>CVE-2018-8897: (High) x86: mishandling of debug exceptions</p>
</div>
</div>
</div>
<hr />
</div>
<div>
<h2> Mitigating Factors</h2>
<div>
<div>
<div>
<p>Customers with only HVM guest VMs with no untrustworthy privileged code running have mitigated these issues. Note that all Windows VMs are HVM guest VMs.</p>
</div>
</div>
</div>
<hr />
</div>
<div>
<h2> What Customers Should Do</h2>
<div>
<div>
<div>
<p>Hotfixes have been released to address these issues. Citrix strongly recommends that affected customers install these hotfixes as soon as possible. The hotfixes can be downloaded from the following locations:</p>
<p>Citrix XenServer 7.4: CTX234440 – <a href=“https://support.citrix.com/article/CTX234440”>https://support.citrix.com/article/CTX234440</a> </p>
<p>Citrix XenServer 7.3: CTX234439 – <a href=“https://support.citrix.com/article/CTX234439”>https://support.citrix.com/article/CTX234439</a> </p>
<p>Citrix XenServer 7.1 LTSR CU1: CTX234437 – <a href=“https://support.citrix.com/article/CTX234437”>https://support.citrix.com/article/CTX234437</a> </p>
<p>Citrix XenServer 7.0: CTX234436 – <a href=“https://support.citrix.com/article/CTX234436”>https://support.citrix.com/article/CTX234436</a> </p>
<p>Citrix XenServer 6.5 SP1: CTX234435 – <a href=“https://support.citrix.com/article/CTX234435”>https://support.citrix.com/article/CTX234435</a> </p>
<p>Citrix XenServer 6.2 SP1: CTX234434 – <a href=“https://support.citrix.com/article/CTX234434”>https://support.citrix.com/article/CTX234434</a> </p>
<p>Citrix XenServer 6.0.2 Common Criteria: CTX234433 – <a href=“https://support.citrix.com/article/CTX234433”>https://support.citrix.com/article/CTX234433</a> </p>
<p>In addition, following the publication of CVE-2017-5754, Citrix committed to provide mitigations for this issue for the Citrix XenServer 7.2 release which is now End of Life. A hotfix for this release is available at Citrix XenServer 7.2: CTX234438 – <a href=“https://support.citrix.com/article/CTX234438”>https://support.citrix.com/article/CTX234438</a> </p>
<p>Note that, in line with previous statements, the hotfixes for the 6.x versions of Citrix XenServer do not include mitigations for CVE-2017-5754.</p>
</div>
</div>
</div>
<hr />
</div>
<div>
<h2> What Citrix Is Doing</h2>
<div>
<div>
<div>
<div>
<div>
<p>Citrix is notifying customers and channel partners about this potential security issue. This article is also available from the Citrix Knowledge Center at <u> <a href=“http://support.citrix.com/”>http://support.citrix.com/</a></u>.</p>
</div>
</div>
</div>
</div>
</div>
<hr />
</div>
<div>
<h2> Obtaining Support on This Issue</h2>
<div>
<div>
<div>
<div>
<div>
<p>If you require technical assistance with this issue, please contact Citrix Technical Support. Contact details for Citrix Technical Support are available at <u> <a href=“https://www.citrix.com/support/open-a-support-case.html”>https://www.citrix.com/support/open-a-support-case.html</a></u>. </p>
</div>
</div>
</div>
</div>
</div>
<hr />
</div>
<div>
<h2> Reporting Security Vulnerabilities</h2>
<div>
<div>
<div>
<div>
<div>
<p>Citrix welcomes input regarding the security of its products and considers any and all potential vulnerabilities seriously. For guidance on how to report security-related issues to Citrix, please see the following document: CTX081743 – <a href=“http://support.citrix.com/article/CTX081743”>Reporting Security Issues to Citrix</a></p>
</div>
</div>
</div>
</div>
</div>
<hr />
</div>
<div>
<h2> Changelog</h2>
<div>
<div>
<div>
<table border=“1” width=“100%”>
<tbody>
<tr>
<td>Date </td>
<td>Change</td>
</tr>
<tr>
<td>8th May 2018</td>
<td>Initial Publication</td>
</tr>
<tr>
<td>11th May 2018</td>
<td>Updated missing CVE identifier CVE-2018-10892</td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
<hr />
</div>
</div></div>
</section>
CPE | Name | Operator | Version |
---|---|---|---|
citrix xenserver | eq | 7.4 | |
citrix xenserver | eq | 7.3 | |
citrix xenserver | eq | 7.1 LTSR CU1 | |
citrix xenserver | eq | 7.0 | |
citrix xenserver | eq | 6.5 SP1 | |
citrix xenserver | eq | 6.2 SP1 |
8.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C