SB2023112028 - Multiple vulnerabilities in Citrix Hypervisor
Published: November 20, 2023 Updated: November 20, 2023
Description
This security bulletin contains information about 2 security vulnerabilities.
1) Sequence of processor instructions leads to unexpected behavior (CVE-ID: CVE-2023-23583)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to an error in the processing of a sequence of processor instructions. A local user can execute arbitrary code with elevated privileges.
2) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-46835)
The vulnerability allows a remote guest to gain access to sensitive information.
The vulnerability exists due to improperly imposed security restrictions caused by a mismatch in IOMMU quarantine page table levels. A device in quarantine mode can access data from previous quarantine page table usages, possibly leaking data used by previous domains that also had the device assigned.
Remediation
Install the update from the vendor's website.