CVE-2023-34327
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.9 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
42.2%
[This CNA information record relates to multiple CVEs; the
text explains which aspects/vulnerabilities correspond to which CVE.]
AMD CPUs since ~2014 have extensions to normal x86 debugging functionality.
Xen supports guests using these extensions.
Unfortunately there are errors in Xen’s handling of the guest state, leading
to denials of service.
-
CVE-2023-34327 - An HVM vCPU can end up operating in the context of
a previous vCPUs debug mask state. -
CVE-2023-34328 - A PV vCPU can place a breakpoint over the live GDT.
This allows the PV vCPU to exploit XSA-156 / CVE-2015-8104 and lock
up the CPU entirely.
Affected configurations
CNA Affected
[
{
"defaultStatus": "unknown",
"product": "Xen",
"vendor": "Xen",
"versions": [
{
"status": "unknown",
"version": "consult Xen advisory XSA-444"
}
]
}
]Related
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.9 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
42.2%