CVE-2023-34327

EPSS 0.07%
Veröffentlicht 05.01.2024 17:15:08
Zuletzt bearbeitet 04.11.2025 20:16:31
Quelle security@xen.org
CVE-Watchlists
Login
Unerledigt
Login

[This CNA information record relates to multiple CVEs; the
text explains which aspects/vulnerabilities correspond to which CVE.]

AMD CPUs since ~2014 have extensions to normal x86 debugging functionality.
Xen supports guests using these extensions.

Unfortunately there are errors in Xen's handling of the guest state, leading
to denials of service.

 1) CVE-2023-34327 - An HVM vCPU can end up operating in the context of
    a previous vCPUs debug mask state.

 2) CVE-2023-34328 - A PV vCPU can place a breakpoint over the live GDT.
    This allows the PV vCPU to exploit XSA-156 / CVE-2015-8104 and lock
    up the CPU entirely.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Xen ≫ Xen Version >= 4.5.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.222

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

https://xenbits.xenproject.org/xsa/advisory-444.html

Patch

Vendor Advisory

http://xenbits.xen.org/xsa/advisory-444.html

https://nvd.nist.gov/vuln/detail/CVE-2023-34327

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-34327

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-34327

EUVD