Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
citrixCitrixCTX286511
HistoryNov 24, 2020 - 12:02 p.m.

Citrix Hypervisor Security Update

2020-11-2412:02:41
support.citrix.com
190

0.0004 Low

EPSS

Percentile

12.3%

JSON

Description of Problem

A security issue has been identified that may allow privileged code running in a guest VM to compromise the host. This issue is limited to only those guest VMs where the host administrator has explicitly assigned a PCI passthrough device to the guest VM.

The issue has the following identifier:

CVE ID Description Vulnerability Type Pre-conditions
CVE-2020-29040 Bounding error updating physmap CWE-121 A PCI passthrough device must be assigned
This issue affects all currently supported versions of Citrix Hypervisor up to and including Citrix Hypervisor 8.2 LTSR.

Mitigating Factors

Customers who are not using the PCI passthrough feature of Citrix Hypervisor are not at risk from this issue

What Customers Should Do

Citrix has released hotfixes to address this issue. Citrix recommends that affected customers install these hotfixes as their patching schedule allows. The hotfixes can be downloaded from the following locations:
Citrix Hypervisor 8.2 LTSR: CTX286459 – <https://support.citrix.com/article/CTX286459&gt;
Citrix Hypervisor 8.1: CTX286458 – <https://support.citrix.com/article/CTX286458&gt;
Citrix XenServer 7.1 LTSR CU2: CTX286457 – <https://support.citrix.com/article/CTX286457&gt;
Citrix XenServer 7.0: CTX286456 – <https://support.citrix.com/article/CTX286456&gt;

What Citrix Is Doing

Citrix is notifying customers and channel partners about this potential security issue. This article is also available from the Citrix Knowledge Center at _<http://support.citrix.com/&gt;_.

Obtaining Support on This Issue

If you require technical assistance with this issue, please contact Citrix Technical Support. Contact details for Citrix Technical Support are available at _<https://www.citrix.com/support/open-a-support-case.html&gt;_.

Reporting Security Vulnerabilities

Citrix welcomes input regarding the security of its products and considers any and all potential vulnerabilities seriously. For details on our vulnerability response process and guidance on how to report security-related issues to Citrix, please see the following webpage: – <https://www.citrix.com/about/trust-center/vulnerability-process.html&gt;

Disclaimer

This document is provided on an “as is” basis and does not imply any kind of guarantee or warranty, including the warranties of merchantability or fitness for a particular use. Your use of the information on the document is at your own risk. Citrix reserves the right to change or update this document at any time.

Changelog

Date Change
2020-11-24 Initial Publication
2021-01-20 CVE ID Added

Related

xen 1
cvelist 1
prion 1
ubuntucve 1
osv 1
debiancve 1
cve 1
redhatcve 1
veracode 1
nessus 1
xen
xen
stack corruption from XSA-346 change
2020-11-24 12:00:00
cvelist
cvelist
CVE-2020-29040
2020-11-24 16:07:21
prion
prion
Design/Logic Flaw
2020-11-24 17:15:00
ubuntucve
ubuntucve
CVE-2020-29040
2020-11-24 00:00:00
osv
osv
CVE-2020-29040
2020-11-24 17:15:11
debiancve
debiancve
CVE-2020-29040
2020-11-24 17:15:00
cve
cve
CVE-2020-29040
2020-11-24 17:15:00
redhatcve
redhatcve
CVE-2020-29040
2020-12-02 18:15:51
veracode
veracode
Privilege Escalation
2021-01-21 16:27:28
nessus
nessus
OracleVM 3.4 : xen (OVMSA-2021-0014)
2021-06-03 00:00:00

0.0004 Low

EPSS

Percentile

12.3%

JSON
Related for CTX286511
xen1cvelist1prion1ubuntucve1osv1debiancve1cve1redhatcve1veracode1nessus1