Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Citrix Patches Hypervisor Vulnerabilities Allowing Host Compromise

Citrix has released patches for several vulnerabilities in Hypervisor that could result in privileged code executed in a guest virtual machine compromising or crashing the host.

Citrix has released patches for several vulnerabilities in Hypervisor that could result in privileged code executed in a guest virtual machine compromising or crashing the host.

The most severe of these flaws is CVE-2021-28697 (CVSS score of 7.8), which could lead to host compromise because Grant table v2 status pages become de-allocated in certain conditions, resulting in the hypervisor mapping them to multiple locations.

Because of that, the guest VM may maintain access to pages that might have been freed and then reused for another purpose. Thus, malicious privileged code running in a guest VM may have two or more vCPUs allocated to it.

Next in line is CVE-2021-28694 (CVSS score of 6.8), another page mapping issue. The bug is related to ACPI tables, which are allowed to declare memory that should pass the translation phase unaltered.

Some of these can be mapped to devices, and the hypervisor was found to fail to prevent guests from replacing device mappings explicitly assigned by the host administrator. This could lead to host denial of service (DoS), Citrix says.

Another DoS issue that Citrix addressed with this round of patches is CVE-2021-28698 (CVSS score of 5.5). The vulnerability exists because the hypervisor may take too long to iterate over the information stored on a domain’s grant mappings.

The fourth issue (CVE-2021-28699) could lead to host compromise if the administrator has modified guest or host grant table limits. Also leading to host compromise, the fifth bug (CVE-2021-28701) exists because the hypervisor would re-allocate pages to which the guest retained permissions.

Advertisement. Scroll to continue reading.

The issues impact all currently supported versions of Citrix Hypervisor, except for CVE-2021-28699, which affects Citrix Hypervisor 8.2 LTSR only. Citrix has addressed the vulnerabilities with the release of hotfixes for Citrix Hypervisor 7.1 LTSR CU2 and Citrix Hypervisor 8.2 LTSR.

In a separate advisory, the United States Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to apply the necessary patches as soon as possible.

“Citrix has released security updates to address vulnerabilities in Hypervisor. An attacker could exploit these vulnerabilities to take control of an affected system,” CISA says.

Related: Citrix Patches Vulnerability in Workspace App for Windows

Related: Citrix Patches DoS Vulnerabilities in Hypervisor

Related: Citrix Releases Updates to Prevent DDoS Attacks Abusing Its Appliances

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.

Register

Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Vulnerabilities

The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.

Vulnerabilities

Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.

Vulnerabilities

Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529.

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

IoT Security

A vulnerability affecting Dahua cameras and video recorders can be exploited by threat actors to modify a device’s system time.