July 2020 XCP-ng Security Updates

Security updates are available for the two supported releases of XCP-ng: 8.0 and 8.1.

To update, follow this guide. You can also join the discussion on our community forum. Reboot after updating.

Related: Citrix Hypervisor Security Bulletin

The fixed vulnerabilities are believed to pose a risk only in specific configurations, described under "Vulnerable systems" for each advisory below.

XSA-319: possible host crash caused by HVM guest

  • Impact: "A malicious or buggy HVM guest may cause the hypervisor to crash, resulting in Denial of Service (DoS) affecting the entire host."

  • Vulnerable systems: "Only x86 HVM guests using shadow paging can leverage the vulnerability. In addition there needs to be an entity actively monitoring a guest's video frame buffer (typically for display purposes) in order for such a guest to be able to leverage the vulnerability."

  • Resolution: Apply the updates on your XCP-ng hosts and reboot.

Reference: http://xenbits.xen.org/xsa/advisory-319.html

XSA-321: possible host crash and privilege escalation from guest

  • Impact: "A malicious guest may be able to retain read/write DMA access to frames returned to Xen's free pool, and later reused for another purpose. Host crashes (leading to a Denial of Service) and privilege escalation cannot be ruled out."

  • Vulnerable systems: "Only x86 Intel systems are affected. x86 AMD as well as Arm systems are not affected. Only x86 HVM guests using hardware assisted paging (HAP), having a passed through PCI device assigned, and having page table sharing enabled can leverage the vulnerability. [...]"

  • Resolution: Apply the updates on your XCP-ng hosts and reboot.

Reference: http://xenbits.xen.org/xsa/advisory-321.html