CVE-2023-34323

2024-01-0517:15:08

Debian Security Bug Tracker

security-tracker.debian.org

transaction commit

quota check

negative accounting

assert

crash

unix

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

9.2

Confidence

High

EPSS

Percentile

9.0%

JSON

When a transaction is committed, C Xenstored will first check the quota is correct before attempting to commit any nodes. It would be possible that accounting is temporarily negative if a node has been removed outside of the transaction. Unfortunately, some versions of C Xenstored are assuming that the quota cannot be negative and are using assert() to confirm it. This will lead to C Xenstored crash when tools are built without -DNDEBUG (this is the default).

OSVersionArchitecturePackageVersionFilename
Debian12allxen< 4.17.2+76-ge1f9cb16e2-1~deb12u1xen_4.17.2+76-ge1f9cb16e2-1~deb12u1_all.deb
Debian11allxen<= 4.14.6-1xen_4.14.6-1_all.deb
Debian999allxen< 4.17.2+55-g0b56bed864-1xen_4.17.2+55-g0b56bed864-1_all.deb
Debian13allxen< 4.17.2+55-g0b56bed864-1xen_4.17.2+55-g0b56bed864-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	xen	< 4.17.2+76-ge1f9cb16e2-1~deb12u1	xen_4.17.2+76-ge1f9cb16e2-1~deb12u1_all.deb
Debian	11	all	xen	<= 4.14.6-1	xen_4.14.6-1_all.deb
Debian	999	all	xen	< 4.17.2+55-g0b56bed864-1	xen_4.17.2+55-g0b56bed864-1_all.deb
Debian	13	all	xen	< 4.17.2+55-g0b56bed864-1	xen_4.17.2+55-g0b56bed864-1_all.deb