Citrix Security Updates for CVE-2017-5715, CVE-2017-5753, CVE-2017-5754

Article ID: CTX231399

Description

Overview

A new class of issues has been identified in common CPU architectures. The presently known issues could allow unprivileged code to read privileged memory locations.

Citrix is analysing the potential impact of these issues across its product range. This bulletin will be updated as further information becomes available on the impacts of these issues and their variants.

Please note that, although these are issues in the underlying processor hardware, Citrix intends to provide software updates, together with our partners, to mitigate these issues where practical.

Please review the following sections for information on your specific Citrix products. This bulletin will be updated as more information becomes available. Customers can receive e-mail notifications about updated or new security bulletins by subscribing at the following address: https://support.citrix.com/user/alerts 


Products that we believe are not impacted:

  • Citrix XenMobile Server: Citrix believes that currently supported versions of Citrix XenMobile Server are not impacted by the presently known variants of these issues.
  • Citrix XenMobile MDX Toolkit and SDK: Citrix believes that currently supported versions of Citrix XenMobile MDX Toolkit and SDK are not impacted by the presently known variants of these issues.
  • Citrix NetScaler (MPX/VPX): Citrix believes that currently supported versions of Citrix NetScaler MPX and VPX are not impacted by the presently known variants of these issues.
  • Citrix NetScaler AppFirewall Platforms: Citrix believes that currently supported versions of Citrix NetScaler AppFirewall Platforms are not impacted by the presently known variants of these issues.
  • Citrix NetScaler Management Analytics Service (MAS): Citrix believes that currently supported versions of the Citrix NetScaler Management Analytics Service are not impacted by presently known variants of these issues.
  • Citrix Command Center: Citrix believes that currently supported versions of the Citrix Command Center, both hardware and software components, are not impacted by presently known variants of these issues.
  • Citrix NetScaler Insight Center: Citrix believes that currently supported versions of Citrix NetScaler Insight Center are not impacted by the presently known variants of these issues.
  • Citrix NetScaler SD-WAN (Standard, Enterprise, WAN Optimization (except 1000WS/2000WS platform) editions) / SD-WAN Center: Citrix believes that currently supported versions of Citrix NetScaler SD-WAN are not impacted by the presently known variants of these issues.
  • Citrix ShareFile StorageZones Controller: Citrix believes that currently supported versions of Citrix ShareFile StorageZones Controller are not impacted by the presently known variants of these issues.
  • Citrix License Server: Citrix believes that currently supported versions of Citrix License Server are not impacted by the presently known variants of these issues.
  • Citrix StoreFront: Citrix believes that currently supported versions of Citrix StoreFront are not impacted by the presently known variants of these issues.
  • Citrix App Orchestration: Citrix believes that currently supported versions of Citrix App Orchestration are not impacted by the presently known variants of these issues.
  • Citrix App Layering: Citrix believes that currently supported versions of Citrix App Layering are not impacted by the presently known variants of these issues.

Products that may require Third Party updates:

  • Citrix XenApp/XenDesktop: Citrix believes that currently supported versions of the core Citrix XenApp and XenDesktop products are not impacted by presently known variants of these issues. However, it is probable that the underlying operating system, drivers and CPU firmware will require updating. Citrix strongly recommends that customers contact their operating system and hardware vendors for information on how to obtain these updates.
  • Citrix Provisioning Services: Citrix believes that currently supported versions of Citrix Provisioning Services products are not impacted by presently known variants of these issues. However, it is probable that the underlying operating system, drivers and CPU firmware will require updating. Citrix strongly recommends that customers contact their operating system and hardware vendors for information on how to obtain these updates.
  • Citrix AppDNA: Citrix believes that currently supported versions of Citrix AppDNA are not impacted by presently known variants of these issues. However, it is probable that the underlying operating system, drivers and CPU firmware will require updating. Citrix strongly recommends that customers contact their operating system and hardware vendors for information on how to obtain these updates.
  • Citrix Linux VDA: Citrix believes that currently supported versions of Citrix Linux VDA are not impacted by presently known variants of these issues. However, it is probable that the underlying operating system, drivers and CPU firmware will require updating. Citrix strongly recommends that customers contact their operating system and hardware vendors for information on how to obtain these updates.
  • Citrix XenMobile Apps: Citrix believes that currently supported versions of Citrix XenMobile Apps are not impacted by presently known variants of these issues. However, it is probable that the underlying operating system, drivers and CPU firmware will require updating. Citrix strongly recommends that customers contact their operating system and hardware vendors for information on how to obtain these updates.
  • Citrix ShareFile Clients on Desktop and Mobile: Citrix believes that currently supported versions of Citrix ShareFile Clients are not impacted by presently known variants of these issues. However, it is probable that the underlying operating system, drivers and CPU firmware will require updating. Citrix strongly recommends that customers contact their operating system and hardware vendors for information on how to obtain these updates.
  • Citrix Receivers for Desktop and Mobile: Citrix believes that currently supported versions of Citrix Receivers are not impacted by presently known variants of these issues. However, it is probable that the underlying operating system, drivers and CPU firmware will require updating. Citrix strongly recommends that customers contact their operating system and hardware vendors for information on how to obtain these updates.
  • ByteMobile products: When deployed in line with Citrix recommendations, Citrix believes that currently supported versions of ByteMobile products are not impacted by the presently known variants of these issues. However, Citrix strongly recommends that customers using virtualized installations of ByteMobile products contact their Citrix ByteMobile Telco Support contact for potential mitigation steps and further information.

 


Products that we believe are impacted:

  • Citrix NetScaler SDX: Citrix believes that currently supported versions of Citrix NetScaler SDX are not at risk from malicious network traffic. However, in light of these issues, Citrix strongly recommends that customers only deploy NetScaler instances on Citrix NetScaler SDX where the NetScaler admins are trusted.
  • Citrix NetScaler SD-WAN (WANOpt 1000WS/2000WS): When deployed in environments with only trusted administrators, Citrix believes that currently supported WAN Optimization versions of Citrix SD-WAN on 1000WS/2000WS platforms are not at risk from malicious network traffic. Citrix strongly recommends that Citrix SD-WAN 1000WS and 2000WS administrators ensure that access to the Citrix-supplied Windows VM is limited to trusted administrators only.
  • Citrix XenServer: Please see https://support.citrix.com/article/ctx231390 for information on Citrix XenServer

What Citrix Is Doing

Citrix is notifying customers and channel partners about this potential security issue. This article is also available from the Citrix Knowledge Center at http://support.citrix.com/.


Obtaining Support on This Issue

If you require technical assistance with this issue, please contact Citrix Technical Support. Contact details for Citrix Technical Support are available at https://www.citrix.com/support/open-a-support-case.html


Reporting Security Vulnerabilities

Citrix welcomes input regarding the security of its products and considers any and all potential vulnerabilities seriously. For guidance on how to report security-related issues to Citrix, please see the following document: CTX081743 – Reporting Security Issues to Citrix


Changelog

Date                 Change
3rd January 2018     Initial publishing
3rd January 2018     Updated immediately after embargo expiry
4th January 2018     Updated to include XenServer
5th January 2018     Expanded product coverage
9th January 2018     Updated product coverage
11th January 2018    Added information for ByteMobile products
14th January 2018    Added information for NetScaler SD-WAN
1st February 2018    Added information for NetScaler MAS and Command Center
6th February 2018    Updated naming for XenMobile client components