Citrix Hypervisor gets hotfix for new Reptar Intel CPU flaw

Citrix has released hotfixes for two vulnerabilities impacting Citrix Hypervisor, one of them being the “Reptar” high-severity flaw that impacts Intel CPUs for desktop and server systems.

The Citrix Hypervisor (previously XenServer) is an enterprise-level virtualization platform for deploying and managing virtualized environments.

The hotfixes address vulnerabilities tracked as CVE-2023-23583 and CVE-2023-46835. The former is a security issue that Intel disclosed yesterday and impacts the ‘Ice Lake’ (2019) and later processor generations.

Referred to as a ‘Redundant Prefix Issue’, the vulnerability involves the execution of a particular instruction (REP MOVSB) with a redundant REX prefix, potentially resulting in system instability, crashes, or, in rare cases, privilege escalation.

Intel released microcode that corrects the issue and recommends an immediate update to mitigate it. Nonetheless, the hardware maker also notes that the likelihood of real-world exploitation of CVE-2023-23583 is low.

“Though this isn’t a difficulty within the Citrix Hypervisor product itself, we have included updated Intel microcode to mitigate this CPU hardware situation,” reads the advisory.

“This situation might permit unprivileged code in a visitor VM to compromise that VM and, probably, the host” – Intel

Google researchers, led by Tavis Ormandy, independently discovered Reptar some time ago. Ormandy says that although it is known how to “corrupt the system state badly enough to trigger machine test errors,” a way to exploit the bug to achieve privilege escalation is still to be found.

The second vulnerability Citrix fixed is CVE-2023-46835, which impacts Citrix Hypervisor 8.2 CU1 LTSR. It could be exploited to allow malicious privileged code in a guest virtual machine (VM) to compromise an AMD-based host through a passed-through PCI device.

This problem only impacts VM hosts that use an AMD CPU and that also use PCI device passthrough.

Instructions on how to apply the hotfix for the above issues can be found on this webpage on Citrix’s Knowledge Center.
