Citrix has released hotfixes for a pair of vulnerabilities affecting Citrix Hypervisor, including a high-severity flaw, dubbed 'Reptar', that impacts Intel CPUs used in desktop and server systems. Citrix Hypervisor, formerly known as XenServer, is an enterprise platform for deploying and managing virtualized environments.
The hotfixes address vulnerabilities tracked as CVE-2023-23583 and CVE-2023-46835. The first is a security issue recently disclosed by Intel that affects 'Ice Lake' (2019) and subsequent generations of processors. This flaw, referred to as a 'Redundant Prefix Issue', involves the execution of a specific instruction (REP MOVSB) with a redundant REX prefix, which could potentially lead to system instability, crashes, or, in rare instances, privilege escalation.
Intel has released microcode that rectifies the issue and is advising users to update promptly in order to mitigate this vulnerability. However, Intel has also noted that the likelihood of CVE-2023-23583 being exploited in real-world scenarios is low. Citrix's advisory states, "Although this is not an issue in the Citrix Hypervisor product itself, we have included updated Intel microcode to mitigate this CPU hardware issue," and adds, "This issue may allow unprivileged code in a guest VM to compromise that VM and, potentially, the host".
The Reptar vulnerability was independently discovered some time ago by Google researchers, including Tavis Ormandy. Ormandy has stated that while it is known how to "corrupt the system state badly enough to cause machine check errors," a method for exploiting the bug to achieve privilege escalation has yet to be identified.
The second vulnerability that Citrix has addressed is CVE-2023-46835, which affects Citrix Hypervisor 8.2 CU1 LTSR. It could allow malicious privileged code in a guest virtual machine (VM) to compromise an AMD-based host through a passed-through PCI device. The issue only impacts VM hosts that have an AMD CPU and also use PCI device passthrough.
Instructions for applying the hotfix for these issues are available on Citrix's Knowledge Center webpage.