Citrix has released hotfixes for two vulnerabilities impacting Citrix Hypervisor, one of them being the “Reptar” high-severity flaw that affects Intel CPUs for desktop and server systems.
The Citrix Hypervisor (formerly XenServer) is an enterprise-level virtualization platform for deploying and managing virtualized environments.
The hotfixes address vulnerabilities tracked as CVE-2023-23583 and CVE-2023-46835. The former is a security issue that Intel disclosed yesterday and impacts the ‘Ice Lake’ (2019) and later processor generations.
Known as a ‘Redundant Prefix Issue’, the vulnerability involves the execution of a specific instruction (REP MOVSB) with a redundant REX prefix, potentially leading to system instability, crashes, or, in rare cases, privilege escalation.
Intel released microcode that corrects the problem and recommends a prompt update to mitigate this issue. However, the hardware maker also notes that the probability of real-world exploitation for CVE-2023-23583 is low.
“Although this is not an issue in the Citrix Hypervisor product itself, we have included updated Intel microcode to mitigate this CPU hardware issue,” reads the advisory
“This issue may allow unprivileged code in a guest VM to compromise that VM and, potentially, the host” – Intel
Google researchers, led by Tavis Ormandy, independetly discovered Reptar a while back. Ormandy says that although it is known how to “corrupt the system state badly enough to cause machine check errors,” a method to exploit the bug to achieve privilege escalation is still to be found.
The second vulnerability Citrix fixed is CVE-2023-46835, which impacts Citrix Hypervisor 8.2 CU1 LTSR. It could be exploited to allow malicious privileged code in a guest virtual machine (VM) to compromise an AMD-based host through a passed-through PCI device.
This problem only impacts VM hosts that use an AMD CPU and which also use a PCI device passthrough.
Instructions on how to apply the hotfix for the above issues can be found on this webpage on Citrix’s Knowledge Center.