QID 377775
QID 377775: Security Advisory for Citrix XenServer (CTX337526)
Several security issues have been identified that affect Citrix XenServer: CVE-2022-23034 : An issue has been identified that may allow privileged code in a PV guest VM to cause the host to crash. CVE-2022-23035 : An issue has been identified that may allow privileged code in a guest VM to cause the host to crash. This issue only affects systems where the malicious guest VM has had a physical PCI device assigned through to it by the host administrator using the PCI passthrough feature. CVE-2021-0145 : Intel has disclosed an issue that affects Intel CPU hardware together with corresponding microcode updates. Although this is not an issue in the Citrix Hypervisor product itself, Citrix is releasing hotfixes that include the updated microcode together with the product changes needed to support the new microcode.
Affected Products:
Citrix XenServer 7.1 CU2 LTSR
Note: This QID will detect only for Citrix XenServer 7.1 LTSR
QID Detection Logic (Authenticated):
OS:Citrix XenServer
The QID checks if Hotfixes is applied on the vulnerable versions of Citrix XenServer.
Vulnerable version could allow privileged code in a guest VM to cause the host to crash.
Hotfixes have been released for Citrix XenServer to address these issues. Refer to CTX337526 to obtain more information.
CVEs related to QID 377775
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| CTX337526 |
support.citrix.com/article/CTX337526/security-advisory-for-citrix-hypervisor |