The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Citrix XenServer

computer vulnerability alert CVE-2017-15597

Xen: privilege escalation via Grant Table

Synthesis of the vulnerability

An attacker, inside a guest system, can bypass restrictions via Grant Table of Xen, in order to escalate his privileges on the host system.
Impacted products: XenServer, Debian, Fedora, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Xen.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: privileged shell.
Creation date: 24/10/2017.
Identifiers: CERTFR-2017-AVI-377, CERTFR-2017-AVI-378, CTX229057, CVE-2017-15597, DLA-1549-1, DSA-4050-1, FEDORA-2017-009bc68243, FEDORA-2017-c4aa57d753, openSUSE-SU-2017:3193-1, openSUSE-SU-2017:3194-1, SUSE-SU-2017:3115-1, SUSE-SU-2017:3178-1, SUSE-SU-2017:3212-1, SUSE-SU-2017:3236-1, SUSE-SU-2017:3239-1, SUSE-SU-2017:3242-1, VIGILANCE-VUL-24226, XSA-236.

Description of the vulnerability

An attacker, inside a guest system, can bypass restrictions via Grant Table of Xen, in order to escalate his privileges on the host system.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2017-15594

Xen: privilege escalation via CPU Hotplug IST Settings

Synthesis of the vulnerability

An attacker, inside a guest system, can bypass restrictions via CPU Hotplug IST Settings of Xen, in order to escalate his privileges on the host system.
Impacted products: XenServer, Debian, Fedora, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Xen.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 12/10/2017.
Identifiers: CERTFR-2017-AVI-351, CTX228867, CVE-2017-15594, DLA-1559-1, DSA-4050-1, FEDORA-2017-5bcddc1984, FEDORA-2017-d4709b0d8b, openSUSE-SU-2017:2821-1, openSUSE-SU-2017:2916-1, SUSE-SU-2017:2812-1, SUSE-SU-2017:2815-1, SUSE-SU-2017:2856-1, SUSE-SU-2017:2864-1, SUSE-SU-2017:2873-1, VIGILANCE-VUL-24125, XSA-244.

Description of the vulnerability

An attacker, inside a guest system, can bypass restrictions via CPU Hotplug IST Settings of Xen, in order to escalate his privileges on the host system.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2017-15592

Xen: privilege escalation via Self-linear Shadow Mappings

Synthesis of the vulnerability

An attacker, inside a guest system, can bypass restrictions via Self-linear Shadow Mappings of Xen, in order to escalate his privileges on the host system.
Impacted products: XenServer, Debian, Fedora, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Xen.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 12/10/2017.
Identifiers: CERTFR-2017-AVI-351, CERTFR-2017-AVI-444, CTX228867, CTX230138, CVE-2017-15592, DLA-1181-1, DLA-1559-1, DSA-4050-1, FEDORA-2017-2500a024ef, FEDORA-2017-5bcddc1984, FEDORA-2017-c31799ee4a, FEDORA-2017-d4709b0d8b, FEDORA-2017-f2577f2108, openSUSE-SU-2017:2821-1, openSUSE-SU-2017:2916-1, SUSE-SU-2017:2812-1, SUSE-SU-2017:2815-1, SUSE-SU-2017:2856-1, SUSE-SU-2017:2864-1, SUSE-SU-2017:2873-1, SUSE-SU-2017:3212-1, SUSE-SU-2017:3236-1, SUSE-SU-2017:3239-1, SUSE-SU-2017:3242-1, VIGILANCE-VUL-24124, XSA-243.

Description of the vulnerability

An attacker, inside a guest system, can bypass restrictions via Self-linear Shadow Mappings of Xen, in order to escalate his privileges on the host system.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2017-15593

Xen: memory leak via Page Type Reference

Synthesis of the vulnerability

An attacker, inside a guest system, can create a memory leak via Page Type Reference of Xen, in order to trigger a denial of service on the host system.
Impacted products: XenServer, Debian, Fedora, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Xen.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 12/10/2017.
Identifiers: CERTFR-2017-AVI-351, CTX228867, CVE-2017-15593, DLA-1181-1, DLA-1559-1, DSA-4050-1, FEDORA-2017-5bcddc1984, FEDORA-2017-d4709b0d8b, openSUSE-SU-2017:2821-1, openSUSE-SU-2017:2916-1, SUSE-SU-2017:2812-1, SUSE-SU-2017:2815-1, SUSE-SU-2017:2856-1, SUSE-SU-2017:2864-1, SUSE-SU-2017:2873-1, VIGILANCE-VUL-24123, XSA-242.

Description of the vulnerability

An attacker, inside a guest system, can create a memory leak via Page Type Reference of Xen, in order to trigger a denial of service on the host system.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2017-15588

Xen: privilege escalation via Stale TLB Entry

Synthesis of the vulnerability

An attacker, inside a guest system, can bypass restrictions via Stale TLB Entry of Xen, in order to escalate his privileges on the host system.
Impacted products: XenServer, Debian, Fedora, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Xen.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 12/10/2017.
Identifiers: CERTFR-2017-AVI-351, CTX228867, CVE-2017-15588, DLA-1181-1, DLA-1549-1, DSA-4050-1, FEDORA-2017-5bcddc1984, FEDORA-2017-d4709b0d8b, openSUSE-SU-2017:2821-1, openSUSE-SU-2017:2916-1, SUSE-SU-2017:2812-1, SUSE-SU-2017:2815-1, SUSE-SU-2017:2856-1, SUSE-SU-2017:2864-1, SUSE-SU-2017:2873-1, VIGILANCE-VUL-24122, XSA-241.

Description of the vulnerability

An attacker, inside a guest system, can bypass restrictions via Stale TLB Entry of Xen, in order to escalate his privileges on the host system.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2017-15595

Xen: privilege escalation via Linear Pagetable De-typing

Synthesis of the vulnerability

An attacker, inside a guest system, can bypass restrictions via Linear Pagetable De-typing of Xen, in order to escalate his privileges on the host system.
Impacted products: XenServer, Debian, Fedora, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Xen.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 12/10/2017.
Identifiers: 1359, CERTFR-2017-AVI-351, CTX228867, CVE-2017-15595, DLA-1181-1, DLA-1559-1, DSA-4050-1, FEDORA-2017-2500a024ef, FEDORA-2017-5bcddc1984, FEDORA-2017-c31799ee4a, FEDORA-2017-d4709b0d8b, FEDORA-2017-f2577f2108, openSUSE-SU-2017:2821-1, openSUSE-SU-2017:2916-1, openSUSE-SU-2018:0459-1, SUSE-SU-2017:2812-1, SUSE-SU-2017:2815-1, SUSE-SU-2017:2856-1, SUSE-SU-2017:2864-1, SUSE-SU-2017:2873-1, SUSE-SU-2017:3212-1, SUSE-SU-2017:3236-1, SUSE-SU-2017:3239-1, SUSE-SU-2017:3242-1, SUSE-SU-2018:0438-1, SUSE-SU-2018:0472-1, SUSE-SU-2018:0601-1, SUSE-SU-2018:0609-1, SUSE-SU-2018:0638-1, SUSE-SU-2018:0678-1, VIGILANCE-VUL-24121, XSA-240.

Description of the vulnerability

An attacker, inside a guest system, can bypass restrictions via Linear Pagetable De-typing of Xen, in order to escalate his privileges on the host system.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2017-15589

Xen: information disclosure via X86 I/O Intercept Code

Synthesis of the vulnerability

A local attacker, inside a guest system, can read a memory fragment via X86 I/O Intercept Code of Xen, in order to obtain sensitive information on the host system.
Impacted products: XenServer, Debian, Fedora, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Xen.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 12/10/2017.
Identifiers: CERTFR-2017-AVI-351, CTX228867, CVE-2017-15589, DLA-1181-1, DLA-1549-1, DSA-4050-1, FEDORA-2017-5bcddc1984, FEDORA-2017-d4709b0d8b, openSUSE-SU-2017:2821-1, openSUSE-SU-2017:2916-1, SUSE-SU-2017:2812-1, SUSE-SU-2017:2815-1, SUSE-SU-2017:2856-1, SUSE-SU-2017:2864-1, SUSE-SU-2017:2873-1, VIGILANCE-VUL-24120, XSA-239.

Description of the vulnerability

A local attacker, inside a guest system, can read a memory fragment via X86 I/O Intercept Code of Xen, in order to obtain sensitive information on the host system.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2017-15590

Xen: privilege escalation via PCI MSI Interrupts

Synthesis of the vulnerability

An attacker, inside a guest system, can bypass restrictions via PCI MSI Interrupts of Xen, in order to escalate his privileges on the host system.
Impacted products: XenServer, Debian, Fedora, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Xen.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 12/10/2017.
Identifiers: CERTFR-2017-AVI-351, CTX228867, CVE-2017-15590, DLA-1549-1, DSA-4050-1, FEDORA-2017-5bcddc1984, FEDORA-2017-d4709b0d8b, openSUSE-SU-2017:2821-1, openSUSE-SU-2017:2916-1, SUSE-SU-2017:2812-1, SUSE-SU-2017:2815-1, SUSE-SU-2017:2856-1, SUSE-SU-2017:2864-1, SUSE-SU-2017:2873-1, VIGILANCE-VUL-24118, XSA-237.

Description of the vulnerability

An attacker, inside a guest system, can bypass restrictions via PCI MSI Interrupts of Xen, in order to escalate his privileges on the host system.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2017-15588 CVE-2017-15589 CVE-2017-15590

Citrix XenServer: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Citrix XenServer.
Impacted products: XenServer.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights, denial of service on service.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 7.
Creation date: 12/10/2017.
Identifiers: CERTFR-2017-AVI-350, CTX228867, CVE-2017-15588, CVE-2017-15589, CVE-2017-15590, CVE-2017-15592, CVE-2017-15593, CVE-2017-15594, CVE-2017-15595, VIGILANCE-VUL-24115.

Description of the vulnerability

An attacker can use several vulnerabilities of Citrix XenServer.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2017-14319

Xen: privilege escalation via Grant Mapping

Synthesis of the vulnerability

An attacker, inside a guest system, can bypass restrictions via Grant Mapping of Xen, in order to escalate his privileges on the host system.
Impacted products: XenServer, Debian, Fedora, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Xen.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 12/09/2017.
Identifiers: CERTFR-2017-AVI-292, CERTFR-2017-AVI-302, CTX227185, CVE-2017-14319, DLA-1132-1, DLA-1549-1, DSA-4050-1, FEDORA-2017-e399a9008c, FEDORA-2017-f7fd3fe7eb, openSUSE-SU-2017:2514-1, openSUSE-SU-2017:2540-1, SUSE-SU-2017:2420-1, SUSE-SU-2017:2450-1, SUSE-SU-2017:2519-1, SUSE-SU-2017:2541-1, SUSE-SU-2017:2611-1, VIGILANCE-VUL-23817, XSA-234.

Description of the vulnerability

An attacker, inside a guest system, can bypass restrictions via Grant Mapping of Xen, in order to escalate his privileges on the host system.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Citrix XenServer: