Description of Problem
Several security issues have been identified in Citrix Hypervisor that may each allow privileged code in a guest VM to cause the host to crash or become unresponsive.
These issues have the following identifiers:
- CVE-2021-28704
- CVE-2021-28705
- CVE-2021-28714
- CVE-2021-28715
All of these issues affect all currently supported versions of Citrix Hypervisor.
What Customers Should Do
Citrix has released hotfixes to address these issues. Citrix recommends that affected customers install these hotfixes as their patching schedule allows. The hotfixes can be downloaded from the following locations:
- Citrix Hypervisor 8.2 CU1 LTSR: CTX338448 – https://support.citrix.com/article/CTX338448 and CTX335882 – https://support.citrix.com/article/CTX335882
- Citrix Hypervisor 8.2: CTX338444 – https://support.citrix.com/article/CTX338444 and CTX335880 – https://support.citrix.com/article/CTX335880
- Citrix XenServer 7.1 LTSR CU2: CTX335531 – https://support.citrix.com/article/CTX335531 and CTX335881 – https://support.citrix.com/article/CTX335881
Changelog
Date | Change |
2022-01-12 | Initial Publication |