Citrix has released patches for Citrix XenServer that address several vulnerabilities. If exploited, an attacker or malicious administrator of a guest VM could crash or compromise certain XenServer hosts.
The following vulnerabilities have been addressed as part of the update:
- CVE-2016-2074: openvswitch: MPLS buffer overflow vulnerability (rated as CVSS base score of 9.8 or Critical)
- CVE-2018-7540: DoS via non-preemptable L3/L4 pagetable freeing
- CVE-2018-7541: grant table v2 -> v1 transition may crash Xen (allowing guest OS users to cause a denial of service (hypervisor crash) or gain privileges)
The host compromise issue caused by buffer overflow vulnerability (CVE-2016-2074) affects Citrix XenServer versions 7.0 and 7.1 CU1 only. The denial of service (DoS) issues affect all supported versions of Citrix XenServer prior to version 7.4, according to the Citrix security bulletin.