Citrix's virtualization products contained vulnerabilities that the vendor is closing with updates. The Workspace App for Linux and the hypervisor itself are affected.

In the Workspace App for Linux, local users could have escalated their access rights to root through vulnerabilities (CVE-2022-21825). Workspace App for Linux versions 2012 to 2111 are affected. In addition, the App Protection component must be installed for a system to be vulnerable. In its security bulletin, Citrix does not mention whether this is the case in the standard installation; no platforms other than Linux are affected. However, the vendor rates the risk of the vulnerability as “high”.

Citrix rates the vulnerabilities in the hypervisor as “medium” risk: attackers with privileged code inside virtual machines could abuse them to cause the host to crash or become unresponsive (CVE-2021-28704, CVE-2021-28705, CVE-2021-28714, CVE-2021-28715). All of these gaps affect all…
