Citrix Patches DoS Vulnerabilities in Hypervisor

From securityweek.com

Vulnerabilities Citrix patched in Hypervisor this week could allow for code executed in a virtual machine to cause denial of service on the host.

Formerly XenServer, Citrix Hypervisor is an open-source platform for virtualization (desktop, server, and cloud), allowing for the deployment of multiple virtual machines onto the same server, and offering integration with existing infrastructure.

Tracked as CVE-2021-28038 and CVE-2021-28688, the newly addressed vulnerabilities could be abused to cause the host to crash or become unresponsive. For that, an attacker would have to be able to execute privileged code in a guest virtual machine, Citrix explains.

The two vulnerabilities were found to impact all currently supported Hypervisor versions, including version 8.2 LTSR.

Read more…