A security vulnerability has been identified in Citrix XenServer. This vulnerability allows an unprivileged user of a guest VM to crash the host.
The vulnerability is identified as:
• CVE-2013-1917: Xen PV DoS vulnerability with SYSENTER
Mitigating Factors
The vulnerability can only be exploited from paravirtualized (PV) guest VMs running on Intel CPUs.
Hotfixes
Hotfixes have been released to address this issue. Citrix recommends that affected customers install the relevant hotfix, which can be downloaded from the following locations:
Citrix XenServer 6.1: CTX137487 – Hotfix XS61E019 – For XenServer 6.1.0
Citrix XenServer 6.0.2: CTX137486 – Hotfix XS602E022 – For XenServer 6.0.2
Citrix XenServer 6.0.0: CTX137484 – Hotfix XS60E028 – For XenServer 6.0
Citrix XenServer 5.6 Service Pack 2: CTX137483 – Hotfix XS56ESP2027 – For XenServer 5.6 Service Pack 2
Citrix XenServer 5.6 Feature Pack 1: CTX137482 – Hotfix XS56EFP1017 – For XenServer 5.6 Feature Pack 1
Citrix XenServer 5.6: CTX137481 – Hotfix XS56E018 – For XenServer 5.6
Citrix XenServer 5.5 Update 2: CTX137480 – Hotfix XS55EU2016 – For XenServer 5.5 Update 2
Citrix XenServer 5.0 Update 3: CTX137479 – Hotfix XS50EU3016 – For XenServer 5.0 Update 3