Virtual Event Today: Supply Chain Security Summit - Register Now

Security Experts:

Connect with us

Hi, what are you looking for?


Application Security

Citrix Patches DoS Vulnerabilities in Hypervisor

Vulnerabilities Citrix patched in Hypervisor this week could allow for code executed in a virtual machine to cause denial of service on the host.

Vulnerabilities Citrix patched in Hypervisor this week could allow for code executed in a virtual machine to cause denial of service on the host.

Formerly XenServer, Citrix Hypervisor is an open-source platform for virtualization (desktop, server, and cloud), allowing for the deployment of multiple virtual machines onto the same server, and offering integration with existing infrastructure.

Tracked as CVE-2021-28038 and CVE-2021-28688, the newly addressed vulnerabilities could be abused to cause the host to crash or become unresponsive. For that, an attacker would have to be able to execute privileged code in a guest virtual machine, Citrix explains.

The two vulnerabilities were found to impact all currently supported Hypervisor versions, including version 8.2 LTSR.

CVE-2021-28038 is a vulnerability identified in Linux kernel through 5.11.3, as used with Xen PV, and exists because of the lack of the necessary treatment for errors in the netback driver, leading to the host OS denial of service “during misbehavior of a networking frontend driver.”

CVE-2021-28688, on the other hand, was found to impact all Linux versions that include the fix for CVE-2021-26930 (XSA-365), a bug that impacts blkback’s grant mapping.

The new vulnerability could allow for a malicious or buggy frontend driver to cause resource leaks from a corresponding backend driver, thus leading to denial of service on the host. Linux versions as far back as 3.11 are likely affected.

Citrix this week also patched a third vulnerability (CVE-2020-35498) that affects Hypervisor 8.2 LTSR only, and which could result in malicious network traffic causing subsequent packets to be dropped.

The tech giant has released hotfixes that patch these vulnerabilities and is urging customers to apply these hotfixes as soon as possible. Furthermore, the company says it is notifying both customers and channel partners of these flaws.

The Cybersecurity and Infrastructure Security Agency (CISA) today issued a notification to encourage users and admins to review Citrix’ advisory and apply the available hotfixes.

“Citrix has released security updates to address vulnerabilities in Hypervisor (formerly XenServer). An attacker could exploit some of these vulnerabilities to cause a denial-of-service condition,” CISA notes.

Related: Citrix Releases Updates to Prevent DDoS Attacks 

Related: Organizations Quick to Patch Critical Citrix ADC Vulnerability

Related: Hackers Scanning for Vulnerable Citrix Systems 

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Protection

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.