Several security issues have been identified in Citrix Hypervisor, that may each allow privileged code in a guest VM to cause the host to crash or become unresponsive. 

These issues have the following identifiers: 

• CVE-2021-28704 
• CVE-2021-28705 
• CVE-2021-28714 
• CVE-2021-28715 

All of these issues affect all currently supported versions of Citrix Hypervisor.

Instructions

Citrix has released hotfixes to address these issues. Citrix recommends that affected customers install these hotfixes as their patching schedule allows.  The hotfixes can be downloaded from the following locations: 

Citrix Hypervisor 8.2 CU1 LTSR: CTX338448 – https://support.citrix.com/article/CTX338448 and CTX335882 – https://support.citrix.com/article/CTX335882

Citrix Hypervisor 8.2: CTX338444 – https://support.citrix.com/article/CTX338444 and CTX335880 – https://support.citrix.com/article/CTX335880

Citrix XenServer 7.1 LTSR CU2: CTX335531 – https://support.citrix.com/article/CTX335531 and CTX335881 – https://support.citrix.com/article/CTX335881