CVE-2023-34320

2023-12-0821:15:07

CWE-667

[email protected]

web.nvd.nist.gov

cortex-a77

erratum 1508412

deadlock

software

nvd

cve-2023-34320

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

5.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.2%

JSON

Cortex-A77 cores (r0p0 and r1p0) are affected by erratum 1508412
where software, under certain circumstances, could deadlock a core
due to the execution of either a load to device or non-cacheable memory,
and either a store exclusive or register read of the Physical
Address Register (PAR_EL1) in close proximity.

Affected configurations

NVD

Node

armcortex-a77_firmwareMatchr0p0

armcortex-a77_firmwareMatchr1p0

AND

armcortex-a77Match-

Node

xenxen

CPENameOperatorVersion
arm:cortex-a77_firmwarearm cortex-a77 firmwareeqr0p0
arm:cortex-a77_firmwarearm cortex-a77 firmwareeqr1p0

CPE	Name	Operator	Version
arm:cortex-a77_firmware	arm cortex-a77 firmware	eq	r0p0
arm:cortex-a77_firmware	arm cortex-a77 firmware	eq	r1p0

CNA Affected

[
  {
    "defaultStatus": "unknown",
    "product": "Xen",
    "vendor": "Xen",
    "versions": [
      {
        "status": "unknown",
        "version": "consult Xen advisory XSA-436"
      }
    ]
  }
]