Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
vulnrichmentXENVULNRICHMENT:CVE-2023-34322
HistoryJan 05, 2024 - 4:18 p.m.

CVE-2023-34322 top-level shadow reference dropped too early for 64-bit PV guests

2024-01-0516:18:01
XEN
github.com
3
cve-2023-34322
shadow reference
64-bit pv guests
migration
l1tf workaround
shadow paging

AI Score

6.7

Confidence

Low

SSVC

Exploitation

none

Automatable

yes

Technical Impact

partial

JSON

For migration as well as to work around kernels unaware of L1TF (see
XSA-273), PV guests may be run in shadow paging mode. Since Xen itself
needs to be mapped when PV guests run, Xen and shadowed PV guests run
directly the respective shadow page tables. For 64-bit PV guests this
means running on the shadow of the guest root page table.

In the course of dealing with shortage of memory in the shadow pool
associated with a domain, shadows of page tables may be torn down. This
tearing down may include the shadow root page table that the CPU in
question is presently running on. While a precaution exists to
supposedly prevent the tearing down of the underlying live page table,
the time window covered by that precaution isn’t large enough.

Related

cvelist 1
cve 1
osv 2
xen 1
ubuntucve 1
prion 1
veracode 1
nvd 1
debiancve 1
nessus 12
openvas 11
fedora 3
gentoo 1
cvelist
cvelist
CVE-2023-34322 top-level shadow reference dropped too early for 64-bit PV guests
2024-01-05 16:18:01
cve
cve
CVE-2023-34322
2024-01-05 17:15:08
osv
osv
CVE-2023-34322
2024-01-05 17:15:08
xen-4.17.2_04-1.1 on GA media
2024-06-15 00:00:00
xen
xen
top-level shadow reference dropped too early for 64-bit PV guests
2023-09-19 12:00:00
ubuntucve
ubuntucve
CVE-2023-34322
2024-01-05 00:00:00
prion
prion
Information disclosure
2024-01-05 17:15:00
veracode
veracode
Privilege Escalation
2023-10-02 19:39:01
nvd
nvd
CVE-2023-34322
2024-01-05 17:15:08
debiancve
debiancve
CVE-2023-34322
2024-01-05 17:15:08
nessus
nessus
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : xen (SUSE-SU-2023:3831-1)
2023-09-28 00:00:00
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : xen (SUSE-SU-2023:3832-1)
2023-09-28 00:00:00
Fedora 38 : xen (2023-4125279976)
2023-09-30 00:00:00
openvas
openvas
openSUSE: Security Advisory for xen (SUSE-SU-2023:3832-1)
2024-03-04 00:00:00
openSUSE: Security Advisory for xen (SUSE-SU-2023:3831-1)
2024-03-04 00:00:00
Fedora: Security Advisory for xen (FEDORA-2023-4125279976)
2023-10-01 00:00:00
fedora
fedora
[SECURITY] Fedora 37 Update: xen-4.16.5-2.fc37
2023-10-12 01:18:17
[SECURITY] Fedora 38 Update: xen-4.17.2-2.fc38
2023-09-30 03:35:43
[SECURITY] Fedora 39 Update: xen-4.17.2-2.fc39
2023-10-03 00:20:43
gentoo
gentoo
Xen: Multiple Vulnerabilities
2024-09-22 00:00:00

AI Score

6.7

Confidence

Low

SSVC

Exploitation

none

Automatable

yes

Technical Impact

partial

JSON
Related for VULNRICHMENT:CVE-2023-34322
cvelist1cve1osv2xen1ubuntucve1prion1veracode1nvd1debiancve1nessus12openvas11fedora3gentoo1