According to Citrix, two issues have been identified affecting XenServer and Citrix Hypervisor. A vulnerability could allow unprivileged code in a guest VM to access the memory contents of its own VM or other VMs on the same host. This can result in data or credentials being stolen.
Memory contents of other VMs can be copied
Citrix is reporting the issues under the following CVE identifiers: CVE-2024-2201 and CVE-2024-31142. CVE-2024-2201 only affects virtual machines that use Intel CPUs, while CVE-2024-31142 only affects VMs that use AMD CPUs.
Citrix describes a further vulnerability under CVE-2023-46842. It allows attackers to crash the host by executing malicious privileged code in a guest VM. The problem affects VMs on both Intel and AMD processors.
Updates are available
For users of XenServer 8, an update is available in both the Early Access and the normal update channels. Instructions are available in the Citrix white paper for XenServer 8.
An update and instructions are also available for users of Citrix Hypervisor 8.2 CU1 LTSR.
More at Sophos.com