Lucene search

K
citrixCitrixCTX251995
HistoryMay 14, 2019 - 4:00 a.m.

Citrix Hypervisor Security Update

2019-05-1404:00:00
support.citrix.com
44

5.6 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

4.7 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:C/I:N/A:N

<section>
<div><div>
<div>

<h2> Description of Problem</h2>

<div>
<div>
<div>
<p>A number of security issues have been identified in certain CPU hardware that may allow unprivileged code running on a CPU core to infer the value of memory data belonging to other processes, virtual machines or the hypervisor that are, or have recently been, running on the same CPU core.</p>
<p>These issues have the following identifiers:</p>
<p>• CVE-2018-12126: Microarchitectural Store Buffer Data Sampling</p>
<p>• CVE-2018-12127: Microarchitectural Load Port Data Sampling</p>
<p>• CVE-2018-12130: Microarchitectural Fill Buffer Data Sampling</p>
<p>• CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory</p>
<p>Although these are not vulnerabilities in the Citrix Hypervisor (formerly Citrix XenServer) product, this bulletin and associated hotfixes provides assistance in mitigating these CPU issues.</p>
</div>
</div>
</div>

<hr />
</div>
<div>

<h2> Mitigating Factors</h2>

<div>
<div>
<div>
<p>Customers with AMD CPUs are believed to be unaffected by these issues.</p>
<p>Some Intel CPUs are believed to be unaffected by these issues. A list of affected Intel CPUs is expected to be made available at <a href=“https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html”>https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html</a></p>
<p>Identification of the specific CPU(s) present on a Citrix Hypervisor machine may be obtained by typing the command</p>
<p> <i>grep “model name” /proc/cpuinfo</i></p>
<p>in the Dom0 console.</p>
</div>
</div>
</div>

<hr />
</div>
<div>

<h2> What Customers Should Do</h2>

<div>
<div>
<div>
<p>Full mitigation of these issues for systems with vulnerable CPUs requires all of:</p>
<ol>
<li>Updates to Citrix Hypervisor</li>
<li>Updates to the CPU microcode</li>
<li>Disabling CPU hyper-threading (also known as simultaneous multi-threading)</li>
</ol>
<p> </p>
<p>In addition, updates to guest operating systems may be required to protect guest VMs from code running within that same VM. Guest VMs will need to be stopped and started (rather than rebooted) to fully mitigate these issues within the guest VM. Customers are advised to follow their operating system provider’s recommendations. Likewise, updates to the host system firmware (“BIOS updates”) may be required and Citrix recommends that you follow the guidance of your hardware vendor for any updates that they may provide.</p>
<p> <u>Updates to Citrix Hypervisor</u></p>
<p>Citrix has released hotfixes that contain mitigations for these CPU issues. These hotfixes can be found on the Citrix website at the following locations:</p>
<p>Citrix Hypervisor 8.0: CTX250041 – <a href=“https://support.citrix.com/article/CTX250041”>https://support.citrix.com/article/CTX250041</a></p>
<p>Citrix XenServer 7.6: CTX250040 – <a href=“https://support.citrix.com/article/CTX250040”>https://support.citrix.com/article/CTX250040</a></p>
<p>Citrix XenServer 7.1 LTSR CU2: CTX250039 – <a href=“https://support.citrix.com/article/CTX250039”>https://support.citrix.com/article/CTX250039</a></p>
<p>Citrix XenServer 7.0: CTX250038 – <a href=“https://support.citrix.com/article/CTX250038”>https://support.citrix.com/article/CTX250038</a></p>
<p> <u>Updates to the CPU microcode</u></p>
<p>The hotfixes released with this bulletin contain microcode for all supported CPU models for which Intel has presently made updates available. This microcode will be automatically applied each time the system boots. Any further microcode updates may be installed by means of system firmware updates (“BIOS updates”) and Citrix strongly recommends that you follow the guidance of your hardware vendor for any updates that they may provide.</p>
<p>CPUs that are vulnerable to these issues, and for which the CPU manufacturer has not provided microcode updates, will not have full mitigation of these issues.</p>
<p>Once the hotfix has been applied, customers with vulnerable CPUs can determine if the microcode required to mitigate these issues has been loaded into the CPU by typing the command</p>
<p> <i>xl dmesg | grep “Hardware features:”</i></p>
<p>in the Dom0 console shortly after the host has rebooted to apply the hotfix. If the output includes the text MD_CLEAR, updated microcode is present.</p>
<p> <u>Disabling CPU hyper-threading</u></p>
<p>Mitigation of these issues requires disabling hyper-threading on vulnerable CPUs. Customers should evaluate their workload and determine if the mitigation of disabling hyper-threading is required in their environment, and to understand the performance impact of this mitigation. Citrix recommends disabling hyper-threading in deployments with untrusted workloads. The following document provides the steps to disable hyper-threading via the Xen command line: <a href=“https://support.citrix.com/article/CTX237190”>https://support.citrix.com/article/CTX237190</a></p>
<p>Note that disabling hyper-threading will result in the number of available pCPUs being reduced and is likely to adversely impact performance. The following document covers additional issues that may be encountered in environments where customers have over-provisioned or pinned pCPUs (for example when hyper-threads are disabled): <a href=“https://support.citrix.com/article/CTX236977”>https://support.citrix.com/article/CTX236977</a></p>
</div>
</div>
</div>

<hr />
</div>
<div>

<h2> What Citrix Is Doing</h2>

<div>
<div>
<div>
<div>
<div>
<p>Citrix is notifying customers and channel partners about this potential security issue. This article is also available from the Citrix Knowledge Center at <u> <a href=“http://support.citrix.com/”>http://support.citrix.com/</a></u>.</p>
</div>
</div>
</div>
</div>
</div>

<hr />
</div>
<div>

<h2> Obtaining Support on This Issue</h2>

<div>
<div>
<div>
<div>
<div>
<p>If you require technical assistance with this issue, please contact Citrix Technical Support. Contact details for Citrix Technical Support are available at <u> <a href=“https://www.citrix.com/support/open-a-support-case.html”>https://www.citrix.com/support/open-a-support-case.html</a></u>. </p>
</div>
</div>
</div>
</div>
</div>

<hr />
</div>
<div>

<h2> Reporting Security Vulnerabilities</h2>

<div>
<div>
<div>
<div>
<div>
<p>Citrix welcomes input regarding the security of its products and considers any and all potential vulnerabilities seriously. For guidance on how to report security-related issues to Citrix, please see the following document: CTX081743 – <a href=“http://support.citrix.com/article/CTX081743”>Reporting Security Issues to Citrix</a></p>
</div>
</div>
</div>
</div>
</div>

<hr />
</div>
<div>

<h2> Changelog</h2>

<div>
<div>
<div>
<table border=“1” width=“100%”>
<tbody>
<tr>
<td>Date </td>
<td>Change</td>
</tr>
<tr>
<td>14th May 2019</td>
<td>Initial publication</td>
</tr>
<tr>
<td>16th May 2019</td>
<td>Added additional hotfixes and included guidance on restarting guest VMs</td>
</tr>
</tbody>
</table>
</div>
</div>
</div>

<hr />
</div>
</div></div>
</section>

5.6 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

4.7 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:C/I:N/A:N