Lucene search

GoogleOSV:CVE-2023-34327

HistoryJan 05, 2024 - 5:15 p.m.

CVE-2023-34327

2024-01-0517:15:08

Google

osv.dev

amd cpus

x86 debugging

xen

vulnerabilities

denials of service

4.7 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:N/I:N/A:C

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.2%

JSON

[This CNA information record relates to multiple CVEs; the
text explains which aspects/vulnerabilities correspond to which CVE.]

AMD CPUs since ~2014 have extensions to normal x86 debugging functionality.
Xen supports guests using these extensions.

Unfortunately there are errors in Xen’s handling of the guest state, leading
to denials of service.

CVE-2023-34327 - An HVM vCPU can end up operating in the context of
a previous vCPUs debug mask state.
CVE-2023-34328 - A PV vCPU can place a breakpoint over the live GDT.
This allows the PV vCPU to exploit XSA-156 / CVE-2015-8104 and lock
up the CPU entirely.

CPENameOperatorVersion
xeneq4.15.1-r0
xeneq4.11.0-r0
xeneq4.14.5+24-g87d90d511c-1
xeneq4.3.0-r8
xeneq4.17.0+46-gaaf74a532c-1
xeneq4.0.1-r3
xeneq4.2.1-r1
xeneq4.16.4-r1
xeneq4.14.3+32-g9de3671772-1~deb11u1
xeneq4.14.4+74-gd7b22226b5-1

Name	Operator	Version
xen	eq	4.15.1-r0
xen	eq	4.11.0-r0
xen	eq	4.14.5+24-g87d90d511c-1
xen	eq	4.3.0-r8
xen	eq	4.17.0+46-gaaf74a532c-1
xen	eq	4.0.1-r3
xen	eq	4.2.1-r1
xen	eq	4.16.4-r1
xen	eq	4.14.3+32-g9de3671772-1~deb11u1
xen	eq	4.14.4+74-gd7b22226b5-1