Security Advisory 2023-091

Release Date:

High Vulnerabilities in Citrix Hypervisor



  • 20/11/2023 --- v1.0 -- Initial publication


On November 15, 2023, Citrix issued an advisory regarding two vulnerabilities affecting Citrix Hypervisor 8.2 CU1 LTSR that could allow malicious code in a guest VM to compromise the host [1].

Technical Details

The vulnerability CVE-2023-46835 may allow privileged malicious code in a guest VM to compromise an AMD-based host via a passed through PCI device.

The vulnerability CVE-2023-23583, with a CVSS score of 8.8, affects the Intel 'Ice Lake' (2019) and later Intel processor generations. Although this is not an issue in the Citrix Hypervisor product itself, Citrix teams have included updated Intel microcode to mitigate this CPU hardware issue. This issue may allow unprivileged code in a guest VM to compromise that VM and, potentially, the host.

Affected Products

These vulnerabilities affect the Citrix Hypervisor 8.2 CU1 LTSR.

  • CVE-2023-23583 only affects systems running on Intel Ice Lake or later CPUs.
  • CVE-2023-46835 only affects systems that have both of a PCI device passed through to the guest VM by the host administrator and also an AMD CPU. Customers who are not using AMD CPUs and customers who are not using the PCI pass-through feature are not affected by this issue.


It is recommended applying fixes as soon as possible [2].




We got cookies

We only use cookies that are necessary for the technical functioning of our website. Find out more on here.