Citrix Hypervisor version 8.2 Cumulative Update 1 Long-Term Service Release (CU1 LTSR) is susceptible to exploitation, enabling potentially harmful privileged code within a guest virtual machine (VM) to compromise an AMD-based host. The vulnerability arises specifically in VM hosts utilizing an AMD CPU and employing PCI device passthrough. This issue exposes a security risk wherein malicious activities within the guest VM can compromise the integrity of the host system through a passed-through PCI device. Citrix Hypervisor is built on top of the Xen open source hypervisor; the latter serves as foundation for the security-oriented operating system QubesOS.
- Clipeus