New vulnerabilities in a Citrix product (P26-165)
created by | Apr 29, 2026 | Updates
| Field | Value |
|---|---|
| Product | XenServer – versions prior to 8.4 |
| CVE | CVE-2026-23556 |
| Base score | 6.5/10 |
| CVSS | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| Details | Quota use count leak in oxenstored. A malicious guest can exhaust system resources, leading to a Denial of Service (DoS) for management tasks. |
| | |
| CVE | CVE-2026-23558 |
| Base score | 6.3/10 |
| CVSS | AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N |
| Details | Information leak in MSI-X interrupt handling. Allows a guest administrator to read small fragments of hypervisor memory. |
| | |
| CVE | CVE-2026-23559 |
| Base score | 6.0/10 |
| CVSS | AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H |
| Details | Use-after-free vulnerability in PCI passthrough handling. Can be exploited by a privileged guest to crash the entire host. |
| | |
| CVE | CVE-2026-23560 |
| Base score | 8.8/10 |
| CVSS | AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
| Details | Logic error in the grant table mechanism. Allows unauthorized access to memory pages belonging to other domains (privilege escalation). |
| | |
| CVE | CVE-2026-23561 |
| Base score | 8.2/10 |
| CVSS | AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
| Details | Improper input validation in backend drivers. Enables a privileged guest to execute arbitrary code with Dom0 privileges. |
| | |
| Patch available | YES |
| Link | https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696527&articleURL=XenServer_Security_Update_for_Multiple_Issues |