A malicious or buggy frontend driver may use the new vulnerability to trigger resource leaks from the corresponding backend driver, resulting in a denial of service on the host. Citrix states that an attacker would need to be able to run privileged code in a guest virtual machine to do so. All currently supported Hypervisor versions, including version 8.2 LTSR, are affected by the two vulnerabilities. The tech giant has released hotfixes to address these bugs, and customers are advised to install them as soon as possible. The Cybersecurity and Infrastructure Security Agency (CISA) has released a notice encouraging users and administrators to review Citrix's advisory and apply the hotfixes that are available.

It is possible that Linux versions as old as 3.11 are affected. The newly discussed vulnerabilities, known as CVE-2021-28038 and CVE-2021-28688, could be exploited to cause the host to crash or become unresponsive. CVE-2021-28038 is a vulnerability in the Linux kernel through version 5.11.3, as used with Xen PV, that exists due to a lack of error handling in the netback driver, resulting in a denial of service to the host OS "during misbehavior of a network frontend driver."

Citrix Hypervisor, formerly XenServer, is an open-source platform for virtualization (desktop, server, and cloud), allowing several virtual machines to be installed on the same server and integrated with existing infrastructure. Citrix also fixed a third vulnerability (CVE-2020-35498) this week that only affects Hypervisor 8.2 LTSR and could cause subsequent packets to be dropped due to malicious network traffic.
In contrast, CVE-2021-28688 was found to affect all Linux versions that contain the patch for CVE-2021-26930 (XSA-365), a bug that affects blkback's grant mapping. Some of these flaws may be exploited by an attacker to trigger a denial-of-service condition, according to CISA. The company also appears to be notifying customers and channel partners about the flaws. "Citrix has released security updates to address vulnerabilities in Hypervisor (formerly XenServer)."