SB2023101193 - Multiple vulnerabilities in Citrix Hypervisor
Published: October 11, 2023
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 5 secuirty vulnerabilities.
1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-34326)
The vulnerability allows a remote guest to escalate privileges on the system.
The vulnerability exists due to missing IOMMU TLB flushing on x86/AMD systems. A malicious guest can access memory not owned by the guest and escalate privileges on the system.
2) Out-of-bounds write (CVE-ID: CVE-2022-1304)
The vulnerability allows a local attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input. A local attacker can use a specially crafted filesystem, trigger out-of-bounds write and execute arbitrary code on the target system.
3) Deadlock (CVE-ID: CVE-2023-34324)
The vulnerability allows a malicious guest to perform a denial of service (DoS) attack.
The vulnerability exists due to improper event handling in Linux kernel. A malicious guest can disable paravirtualized device to cause a deadlock in a backend domain (other than dom0).
4) State Issues (CVE-ID: CVE-2023-34327)
The vulnerability allows a malicious guest to perform a denial of service (DoS) attack.
The vulnerability exists due to improper validation of guest state when using Debug Masks in HVM vCPU. A malicious guest can perform a denial of service (DoS) attack against the guest OS.
5) Division by zero (CVE-ID: CVE-2023-20588)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a divide by zero error that can return speculative data. A local user can gain access to potentially sensitive information.
Remediation
Install update from vendor's website.
References
- https://support.citrix.com/article/CTX575089"
- https://support.citrix.com/article/CTX575089</a></p><p>
- https://support.citrix.com/article/CTX575070/hotfix-xs82ecu1047-for-citrix-hypervisor-82-cumulative-update-1<br>
- https://support.citrix.com/article/CTX579955/hotfix-xs82ecu1049-for-citrix-hypervisor-82-cumulative-update-1<br>
- https://support.citrix.com/article/CTX580401/hotfix-xs82ecu1051-for-citrix-hypervisor-82-cumulative-update-1<br>
- https://support.citrix.com/article/CTX581053/hotfix-xs82ecu1052-for-citrix-hypervisor-82-cumulative-update-1<br>
- https://support.citrix.com/article/CTX581108/hotfix-xs82ecu1054-for-citrix-hypervisor-82-cumulative-update-1<br></p>