- Home
- CVEs with nessus.description==The version of Citrix XenServer running on the remote host is missing a security hotfix. It is, therefore, affected by multiple vulnerabilities :
- A privilege escalation vulnerability known as 'Bunker Buster' exists in the paravirtualization (PV) pagetable implementation due to incorrect usage of fast-paths for making updates to pre-existing pagetable entries. An attacker with administrative privileges on a PV guest can exploit this vulnerability to gain administrative privileges on the host operating system. This vulnerability only affects PV guests on x86 hardware;
HVM and ARM guests are not affected. (CVE-2016-6258)
- A denial of service vulnerability exists when handling 32-bit exceptions and event delivery due to missing SMAP whitelisting. A local guest attacker can exploit this to trigger a safety check that will crash other virtual machines on the host system. This vulnerability only exists on 32-bit PV guests running on x86 hardware that supports SMAP. (CVE-2016-6259)
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top