Citrix Patches Hypervisor Vulnerabilities Allowing Host Compromise

Citrix has released patches for several vulnerabilities in Hypervisor that could allow privileged code running in a guest virtual machine to compromise or crash the host.

The most severe of these flaws is CVE-2021-28697 (CVSS score of 7.8), which could lead to host compromise because Grant table v2 status pages become de-allocated in certain conditions, resulting in the hypervisor mapping them to multiple locations.

Because of that, the guest VM may maintain access to pages that might have been freed and then reused for another purpose. Thus, malicious privileged code running in a guest VM may have two or more vCPUs allocated to it.

Next in line is CVE-2021-28694 (CVSS score of 6.8), another page mapping issue. The bug is related to ACPI tables, which are allowed to declare memory that should pass the translation phase unaltered.

Some of these can be mapped to devices, and the hypervisor was found to fail to prevent guests from replacing device mappings explicitly assigned by the host administrator. This could lead to host denial of service (DoS), Citrix says.

Another DoS issue that Citrix addressed with this round of patches is CVE-2021-28698 (CVSS score of 5.5). The vulnerability exists because the hypervisor may take too long to iterate over the information stored on a domain’s grant mappings.

The fourth issue (CVE-2021-28699) could lead to host compromise if the administrator has modified guest or host grant table limits. Also leading to host compromise, the fifth bug (CVE-2021-28701) exists because the hypervisor would re-allocate pages to which the guest retained permissions.

The issues impact all currently supported versions of Citrix Hypervisor, except for CVE-2021-28699, which affects Citrix Hypervisor 8.2 LTSR only. Citrix has addressed the vulnerabilities with the release of hotfixes for Citrix Hypervisor 7.1 LTSR CU2 and Citrix Hypervisor 8.2 LTSR.

In a separate advisory, the United States Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to apply the necessary patches as soon as possible.

“Citrix has released security updates to address vulnerabilities in Hypervisor. An attacker could exploit these vulnerabilities to take control of an affected system,” CISA says.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
