5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
18.0%
Modern CPUs contain random number generators that provide entropy (randomness) to the software running on those processors to use for purposes such as generating cryptographic encryption keys. Software can obtain entropy by using the RDRAND and RDSEED instructions.
A security issue has been identified in certain CPU hardware that may allow unprivileged code running on a host to observe the entropy provided by the CPU to other processes, virtual machines or the hypervisor that are, or have recently been, running, irrespective of whether they are running on the same processor core or thread. For example, if a process in one guest VM were to use the RDSEED instruction to get a random value to use as a secret encryption key, another process in a different VM might be able to observe the result of that RDSEED instruction and so determine the secret encryption key.
This issue has the following identifier:
Note that this issue only affects the confidentiality of the entropy returned by the CPU, not how random the value itself is.
Note also that an attacker can only observe the entropy most recently returned by an RDSEED or RDRAND instruction on the system. If a further RDSEED or RDRAND instruction is executed on the system, the older result is no longer observable by an attacker.
Although this is not a vulnerability in the Citrix Hypervisor (formerly Citrix XenServer) product, Citrix is providing hotfixes to mitigate this CPU issue. Hotfixes are available for all currently supported versions of Citrix Hypervisor up to and including Citrix Hypervisor 8.1. These hotfixes include updated CPU microcode which may have a noticeable performance impact on workloads that make significant use of RDRAND or RDSEED instructions.
Only certain Intel CPUs are affected by this issue; customers are recommended to contact their hardware vendor to determine if their system is affected.
Customers with only AMD CPUs are not affected by this issue.
Hotfixes have been released to address these issues. Citrix recommends that affected customers install these hotfixes as soon as their patching schedule permits. The hotfixes can be downloaded from the following locations:
Citrix Hypervisor 8.1: CTX272278 – <https://support.citrix.com/article/CTX272278>
Citrix Hypervisor 8.0: CTX272277 – <https://support.citrix.com/article/CTX272277>
Citrix XenServer 7.1 LTSR CU2: CTX272276 – <https://support.citrix.com/article/CTX272276>
Citrix XenServer 7.0: CTX272275 – <https://support.citrix.com/article/CTX272275>
Citrix is notifying customers and channel partners about this potential security issue. This article is also available from the Citrix Knowledge Center at _ <http://support.citrix.com/>_.
If you require technical assistance with this issue, please contact Citrix Technical Support. Contact details for Citrix Technical Support are available at _ <https://www.citrix.com/support/open-a-support-case.html>_.
Citrix welcomes input regarding the security of its products and considers any and all potential vulnerabilities seriously. For guidance on how to report security-related issues to Citrix, please see the following document: CTX081743 – Reporting Security Issues to Citrix
Date | Change |
---|---|
2020-06-09 | Initial Publication |
CPE | Name | Operator | Version |
---|---|---|---|
citrix hypervisor | le | 8.1 | |
citrix hypervisor | le | 8.0 | |
citrix xenserver | le | 7.1 | |
citrix xenserver | le | 7.0 |
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
18.0%